[stunnel-users] Client SSL certificate

Michal Trojnara Michal.Trojnara at mirt.net
Fri Jun 13 09:37:36 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

reg14 at rambler.ru wrote:
>> stunnel does not validate common names at all, as, unlike web 
>> browsers, it does not allow for dynamic selection of servers.
> If I understand the man page properly, in transparent mode stunnel 
> should connect to any server that a non-SSL aware client is going
> to.

You understand the man page properly, although in transparent
destination mode it would not be possible for stunnel to verify the
common name against DNS name of the server.  Why?  Because stunnel
does not know the target server's DNS name, only its IP address.  Only
the original client knows the server name that resolved to this IP
address.

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlOaqkAACgkQ/NU+nXTHMtFB6gCg8TFgyzDk4hkOYFscfF9KRBN/
hesAn0tG3hv1zsRX1Avqtpk69nCc9elQ
=qSPH
-----END PGP SIGNATURE-----
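To make Mike's point concrete: checking a server certificate against a name requires the name the client originally resolved, and a transparent proxy only ever sees the resulting IP address. The following is an added example (not stunnel code) that performs a minimal RFC 6125-style name check over the dictionary shape Python's `ssl.SSLSocket.getpeercert()` returns. The two certificates are constructed inline; the function names `names_from_cert` and `verify_peer_name` are this example's own.

```python
# Added example, not part of stunnel: why a transparent destination proxy
# cannot verify the server name. It holds only the destination IP, and a
# certificate that carries only dNSName entries has nothing to compare
# against an IP address.
import ipaddress

# Constructed peer certificate, in the dict form ssl.getpeercert() returns,
# carrying only DNS names (the common case for a public server).
CONSTRUCTED_DNS_CERT = {
    "subject": ((("commonName", "mail.example.test"),),),
    "subjectAltName": (("DNS", "mail.example.test"), ("DNS", "*.example.test")),
}

# Constructed certificate that also names an IP address in its SAN list.
CONSTRUCTED_IP_CERT = {
    "subject": ((("commonName", "mail.example.test"),),),
    "subjectAltName": (("DNS", "mail.example.test"), ("IP Address", "192.0.2.10")),
}


def _dns_match(pattern, hostname):
    """Match one dNSName pattern against a hostname.

    A leading '*' matches exactly one label (no partial-label wildcards),
    comparison is case-insensitive and ignores a trailing dot.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        p_labels = pattern.split(".")
        h_labels = hostname.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return pattern == hostname


def names_from_cert(cert):
    """Return (dns_names, ip_addresses) the certificate claims.

    subjectAltName takes precedence; the subject commonName is used only
    as a fallback when the certificate has no SAN entries at all.
    """
    sans = cert.get("subjectAltName", ())
    dns = [value for kind, value in sans if kind == "DNS"]
    ips = [value for kind, value in sans if kind == "IP Address"]
    if not dns and not ips:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns.append(value)
    return dns, ips


def verify_peer_name(cert, expected):
    """True if `expected` (a hostname or an IP literal) is named by `cert`.

    A hostname is matched against the dNSName entries; an IP literal is
    matched only against iPAddress entries, never against DNS names.
    """
    dns, ips = names_from_cert(cert)
    try:
        addr = ipaddress.ip_address(expected)
    except ValueError:
        return any(_dns_match(pattern, expected) for pattern in dns)
    return any(ipaddress.ip_address(ip) == addr for ip in ips)


if __name__ == "__main__":
    # The original client knows the name it resolved: verification is possible.
    print(verify_peer_name(CONSTRUCTED_DNS_CERT, "mail.example.test"))   # True
    # A transparent proxy knows only the destination IP: the DNS-only
    # certificate offers nothing to check it against, so the check fails.
    print(verify_peer_name(CONSTRUCTED_DNS_CERT, "192.0.2.10"))          # False
    # Only a certificate that explicitly names the IP can pass that check.
    print(verify_peer_name(CONSTRUCTED_IP_CERT, "192.0.2.10"))           # True
```

The last two calls are the whole argument: without the client's original hostname, the only value the proxy can offer to the name check is the IP address, and a typical server certificate does not name one.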