reg14@rambler.ru wrote:
stunnel does not validate common names at all, as, unlike web browsers, it does not allow for dynamic selection of servers.
If I understand the man page properly, in transparent mode stunnel should connect to any server that a non-SSL aware client is going to.
You understand the man page properly, although in transparent destination mode it would not be possible for stunnel to verify the common name against the DNS name of the server. Why? Because stunnel does not know the target server's DNS name, only its IP address. Only the original client knows the server name that resolved to this IP address.
Mike
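
An added example, not part of the original message and not stunnel's code, of the point made in the reply above: name checking needs a reference identity, and a proxy that knows only the destination IP address has nothing to compare against a certificate that lists DNS names. The certificate contents, the address `192.0.2.10` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.net")),
}


def _dns_match(pattern, name):
    """Compare one certificate DNS name with the reference name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label and needs a real parent domain.
        return len(p) >= 3 and p[1:] == n[1:]
    return p == n


def identity_matches(cert, reference):
    """Return True if the certificate names `reference` (DNS name or IP literal)."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(reference)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP reference can only match an IP address SAN, never a DNS name or CN.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    dns_names = [value for kind, value in sans if kind == "DNS"]
    if not dns_names:
        # Legacy fallback: use commonName only when no DNS SAN is present.
        dns_names = [v for rdn in cert.get("subject", ())
                     for k, v in rdn if k == "commonName"]
    return any(_dns_match(pattern, reference) for pattern in dns_names)


if __name__ == "__main__":
    # The original client knows the name it resolved, so the check can succeed.
    print("client view (mail.example.com):", identity_matches(SAMPLE_CERT, "mail.example.com"))
    # A transparent proxy sees only the destination address, so the same cert fails.
    print("proxy view  (192.0.2.10):      ", identity_matches(SAMPLE_CERT, "192.0.2.10"))
```
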