Commits
Andy Green authored e7bf0aa1dca
client confirm server hostname in cert Openssl v1.0.2 and above have support for checking the hostname the client side connected to against the hostname on the cert the server presented. This enables that feature if the necessary API is available in the openssl version, meaning the connection will fail at ssl negotiation if the cert isn't for the requested server It's very easy to test, add a fake entry to /etc/hosts for the server IP with a different name, using that will fail at ssl but using the correct dns name matching the certificate will work.