13 Jun
2014
13 Jun
'14
5:56 a.m.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
reg14@rambler.ru wrote:
If a client application is behind NAT, it does not have a real IP address. Certificate field 'common name' is supposed to contain a fully qualified domain name or a real IP address.
Indeed, but only for server certificates.
Could the value of this field be ignored on SSL verification?
Common names of client certificates are not validated on SSL servers.
stunnel does not validate common names at all, as, unlike web browsers, it does not allow for dynamic selection of servers.
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlOakpYACgkQ/NU+nXTHMtHl/ACgyML1o6zyiv9YewtDC6ldfEYY
vq8AmwYf4evLbNCBKc0WdmYm5XEvbvN3
=Dvnl
-----END PGP SIGNATURE-----