cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: [PATCH]add --dont-verify-CN option to the command line tool

From: G�tz Babin-Ebell <babin-ebell_at_trustcenter.de>
Date: Tue, 03 Jun 2003 15:21:45 +0200

Hello Torsten,

Torsten Foertsch wrote:
> the patch below adds a --dont-verify-CN option to the command line curl.
>
> Normally curl verifies the common name part of the peer certificate to match
> the requested host name. This prevents connections to SSL hosts by IP address
> or by a name that differs from the certificate's Common Name.

I think it would be better to add a name that is checked
against the DN of the certificate.

Meaning:
Host name: some.com
CN of DN: *.company.com
set name: www.company.com

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on 2003-06-03

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: How to get a statically linked curl"
Previous message: Torsten Foertsch: "Re: https://localhost"
In reply to: Torsten Foertsch: "[PATCH]add --dont-verify-CN option to the command line tool"
Next in thread: Torsten Foertsch: "[PATCH]add --peer-CN-regex option to the command line tool"
Reply: Torsten Foertsch: "[PATCH]add --peer-CN-regex option to the command line tool"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]