On 8 November 2017 21:09:11 GMT+00:00, Nicolas Therrien <[email protected]> wrote:
<snip/>

>My understanding is that when "certificateVerification" is set to
>"required", the server would perform the same verification as the
>client does, that is:
>
>1) Verify the incoming certificate is signed by an authority that is
>part of the local truststore.

Correct.

>2) Verify that the incoming certificate's common name matches the
>hostname of the peer we are communicating with.

Incorrect. The client cert is intended to prove the identity of the user, not the host they happen to be using.

Mark
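Added example, not part of the original message and not Tomcat's own code: a sketch of the distinction drawn in the reply above, where the subject of an already-validated client certificate is mapped to a user and the peer's host name plays no part. The class name, the `ROLES` map and the sample subjects and host names are all constructed for illustration, and the chain is assumed to have been checked against the truststore during the handshake.

```java
import java.util.Map;
import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class ClientCertUser {
    // Constructed user store for the example: certificate CN -> role.
    static final Map<String, String> ROLES = Map.of("alice", "admin", "bob", "viewer");

    // Pull the CN out of the subject DN with the JDK's own DN parser.
    static Optional<String> commonName(X500Principal subject) {
        try {
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return Optional.of(String.valueOf(rdn.getValue()));
                }
            }
        } catch (InvalidNameException e) {
            // Unparseable subject: treat as "no identity".
        }
        return Optional.empty();
    }

    // The chain is assumed to have been validated against the truststore
    // during the TLS handshake. remoteHost is accepted only to show that it
    // plays no part in the decision: the subject names a user, not a host.
    static Optional<String> roleFor(X500Principal subject, String remoteHost) {
        return commonName(subject).map(ROLES::get);
    }

    public static void main(String[] args) {
        X500Principal alice = new X500Principal("CN=alice, OU=Engineering, O=Example");
        // Same user certificate presented from two different machines.
        System.out.println(roleFor(alice, "laptop-17.example.net"));
        System.out.println(roleFor(alice, "198.51.100.7"));
        // A host-style CN that matches the peer name maps to no user.
        X500Principal host = new X500Principal("CN=www.example.org, O=Example");
        System.out.println(roleFor(host, "www.example.org"));
    }
}
```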
