I like my SSL verification tools paranoi ... / 2009-11-25

2009-11-25 I like my SSL verification tools paranoi ...
I like my SSL verification tools paranoid, and it seems openssl s_client -verify isn't paranoid enough. The man page reports:

       The -verify option should really exit if the server verification

I'd like added "the hostname in the certificate is not verified". I ran a little test server to test for the right way to configure the SSL certificates in openldap server and noticed I got the verification to work even when I was connecting to the wrong name.

Tags: , ,

IPv6 check

Running test...
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newsitem.cgi,v 1.58 2022/12/12 15:34:31 koos Exp $ in 0.009263 seconds.