[stunnel-users] Client SSL certificate
Michal.Trojnara at mirt.net
Fri Jun 13 07:56:38 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
reg14 at rambler.ru wrote:
> If a client application is behind NAT, it does not have a real IP
> address. Certificate field 'common name' is supposed to contain a
> fully qualified domain name or a real IP address.
Indeed, but only for server certificates.
> Could the value of this field be ignored on SSL verification?
Common names of client certificates are not validated on SSL servers.
stunnel does not validate common names at all, as, unlike web
browsers, it does not allow for dynamic selection of servers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the stunnel-users