[stunnel-users] Client SSL certificate

Michal Trojnara Michal.Trojnara at mirt.net
Fri Jun 13 07:56:38 CEST 2014


reg14 at rambler.ru wrote:
> If a client application is behind NAT, it does not have a real IP
> address. Certificate field 'common name' is supposed to contain a
> fully qualified domain name or a real IP address.

Indeed, but only for server certificates.

> Could the value of this field be ignored on SSL verification?

Common names of client certificates are not validated on SSL servers.

stunnel does not validate common names at all, as, unlike web
browsers, it does not allow for dynamic selection of servers.

Mike
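
The distinction drawn in the reply above, illustrated with Python's standard `ssl` module. This is an added example, not part of the original message and not stunnel code. The function names, the allowlist approach and the sample certificate dictionary are assumptions constructed for illustration.

```python
import ssl

def server_side_context():
    """TLS server context that demands a client certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    # The client's chain must validate against the trusted CAs. A real
    # deployment would also call ctx.load_verify_locations() with its CA file.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def client_side_context():
    """TLS client context: the server's name is matched against its certificate."""
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH)

def subject_common_names(peercert):
    """Collect commonName values from the dict SSLSocket.getpeercert() returns."""
    return [value
            for rdn in peercert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]

def authorize_client(peercert, allowed_names):
    """Application-level policy: the CN is an opaque label compared with an
    allowlist. It is never resolved as a host name or IP address, so a client
    behind NAT can carry any agreed label."""
    names = subject_common_names(peercert)
    return len(names) == 1 and names[0] in allowed_names

# Constructed sample in the getpeercert() dict format (not a real certificate).
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "client-behind-nat-01"),)),
    "issuer": ((("commonName", "Example Internal CA"),),),
}

if __name__ == "__main__":
    print("server checks peer name:", server_side_context().check_hostname)
    print("client checks peer name:", client_side_context().check_hostname)
    print("authorized:", authorize_client(SAMPLE_PEERCERT, {"client-behind-nat-01"}))
```

With chain validation alone, every certificate issued by a trusted CA is accepted, so a per-client decision needs an explicit check such as the allowlist shown here.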


