Re: Openssl self-signed certificate verification

2006-08-15 Thread Dr. Stephen Henson
On Tue, Aug 15, 2006, Xie Grace Jingru-LJX001 wrote:

> Hi,
>
> Does anyone know where in the certificate verification routine that it
> checks the "Common Name" field against the device's interface IP
> address?
>
> Because the interface ip address may change at run time, it's preferred
> to ha

RE: Openssl self-signed certificate verification

2006-08-15 Thread David Schwartz
> Hi,
>
> Does anyone know where in the certificate verification routine that it
> checks the "Common Name" field against the device's interface IP
> address?

You want to check the CN against what the higher-level code intended to connect to. The SSL library has no idea what the higher-le

Re: Openssl self-signed certificate verification

2006-08-15 Thread Michael Sierchio
David Schwartz wrote:

> For example, if you try to connect to 'www.amazon.com' and the resolver resolves this to '72.21.206.5', you want to get a certificate for 'www.amazon.com'. A certificate for '72.21.206.5' would not prove to the user that he reached 'www.amazon.com' because an attac

RE: Openssl self-signed certificate verification

2006-08-15 Thread David Schwartz
> > Verifying that you got the "right certificate" as opposed to a valid
> > certificate is outside the scope of what the SSL layer can do.
> The key issue (pun intended) is possession of the associated private
> key for the identity bound to the public key in the cert. If the
> party posses