I like my SSL verification tools paranoi ... / 2009-11-25

I like my SSL verification tools paranoid, and it seems openssl s_client -verify isn't paranoid enough. The man page reports:
BUGS

       The -verify option should really exit if the server verification
       fails.

I'd like to see added: "the hostname in the certificate is not verified". I ran a little test server to test for the right way to configure the SSL certificates in an OpenLDAP server and noticed I got the verification to work even when I was connecting to the wrong name.
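
The gap described above comes from chain validation and hostname matching being two separate checks. The following is an added example, not part of the original post: it builds a throwaway self-signed certificate and runs both checks offline. The names ldap.example.test and other.example.test are constructed, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Added demo: chain validation and hostname matching are separate checks.
# All names are constructed; needs the openssl CLI (1.1.0 or later assumed).
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CERT="$WORK/cert.pem"
KEY="$WORK/key.pem"
GOOD_NAME="ldap.example.test"    # name the certificate is issued for
WRONG_NAME="other.example.test"  # name a client might connect to by mistake

# Create a throwaway self-signed certificate that is its own trust anchor.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$GOOD_NAME" -keyout "$KEY" -out "$CERT" 2>/dev/null
}

# Chain-only check: is the certificate signed by a trusted CA?
chain_ok() {
    openssl verify -CAfile "$CERT" "$CERT" >/dev/null 2>&1
}

# Chain check plus hostname match against the name passed as $1.
name_ok() {
    openssl verify -CAfile "$CERT" -verify_hostname "$1" "$CERT" >/dev/null 2>&1
}

report() {
    if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi
}

make_cert || { echo "openssl req failed" >&2; exit 1; }
report chain_ok                 # passes: no hostname is involved at all
report name_ok "$GOOD_NAME"     # passes
report name_ok "$WRONG_NAME"    # fails with a hostname mismatch

# Against a live server the same two checks can be requested from s_client
# (HOST and PORT are placeholders):
#   openssl s_client -connect "$HOST:$PORT" -CAfile ca.pem \
#       -verify_hostname "$HOST" -verify_return_error </dev/null
```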


Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.