Philip Hazel <ph10@???> wrote:
>> I propose an expansion Variable called tls_verify_cn which should work
>> similar to tls_verify_certificates. This should be added to the wishlist
>> IMO.
>
> WishListed.
I thought about this a little bit further. Probably this should be
implemented in another way. It would be nice to have the full power of
string expansions for doing the Verification in a configurable way.
Thus we need a variable which can terminate the tls session based on a
string expansion.
Given this setup it would also be possible to implement things like
accepting certificates with the correct Domain but not Hostname or setting
up a hash-list containing certificate/host-name mappings.
Sven
--
C is quirky, flawed, and an enormous success
(Dennis M. Ritchie)
/me is giggls@ircnet,
http://sven.gegg.us/ on the Web
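
The three policies mentioned in the message above (exact host name, same domain but different host name, and a hash-list of certificate/host-name mappings) can be sketched as one accept-or-terminate decision. This is an added example, not code from the thread or from Exim; Python stands in for the string expansion, and `check_peer`, `in_domain`, `PINS` and `DOMAINS` are hypothetical names with constructed sample data.

```python
import hashlib

def norm(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().lower().rstrip(".")

def in_domain(name, domain):
    """True if name is the domain itself or a subdomain of it.
    The leading dot forces a label boundary, so 'evilexample.org'
    is never treated as part of 'example.org'."""
    name, domain = norm(name), norm(domain)
    return name == domain or name.endswith("." + domain)

def check_peer(host, cn, cert_der, pins=None, domains=()):
    """Return (accept, reason) for a peer known as `host` that presented
    a certificate with subject CN `cn` and DER encoding `cert_der`.
    A False result means the TLS session should be terminated."""
    host, cn = norm(host), norm(cn)
    pins = pins or {}
    if host in pins:
        # Hash-list policy: a listed host must present exactly the
        # mapped certificate; no fallback to the weaker name checks.
        if hashlib.sha256(cert_der).hexdigest() == pins[host]:
            return True, "pinned certificate"
        return False, "pin mismatch"
    if cn and cn == host:
        return True, "hostname match"
    for d in domains:
        # Domain policy: CN and host differ but both sit in one listed domain.
        if in_domain(cn, d) and in_domain(host, d):
            return True, "domain match"
    return False, "no match"

# Constructed sample data (assumptions for illustration only).
SAMPLE_CERT = b"constructed-der-bytes"
PINS = {"relay.example.net": hashlib.sha256(SAMPLE_CERT).hexdigest()}
DOMAINS = ("example.org",)

if __name__ == "__main__":
    cases = [
        ("mx1.example.org", "mx1.example.org", b"x"),
        ("mx1.example.org", "mail.example.org", b"x"),
        ("mx1.example.org", "mail.evilexample.org", b"x"),
        ("relay.example.net", "anything", SAMPLE_CERT),
        ("relay.example.net", "relay.example.net", b"other"),
    ]
    for host, cn, der in cases:
        print(host, cn, check_peer(host, cn, der, PINS, DOMAINS))
```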