[stunnel-users] Client SSL certificate

Michal Trojnara Michal.Trojnara at mirt.net
Fri Jun 13 07:56:38 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

reg14 at rambler.ru wrote:
> If a client application is behind NAT, it does not have a real IP 
> address. Certificate field 'common name' is supposed to contain a 
> fully qualified domain name or a real IP address.

Indeed, but only for server certificates.

> Could the value of this field be ignored on SSL verification?

Common names of client certificates are not validated on SSL servers.

stunnel does not validate common names at all, as, unlike web
browsers, it does not allow for dynamic selection of servers.

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlOakpYACgkQ/NU+nXTHMtHl/ACgyML1o6zyiv9YewtDC6ldfEYY
vq8AmwYf4evLbNCBKc0WdmYm5XEvbvN3
=Dvnl
-----END PGP SIGNATURE-----


More information about the stunnel-users mailing list