Bacula-users

Re: [Bacula-users] TLS Verify Peer - for client or for server?

2013-01-07 18:37:38
Subject: Re: [Bacula-users] TLS Verify Peer - for client or for server?
From: Landon J Fuller <landonf AT bikemonkey DOT org>
To: Dan Langille <dan AT langille DOT org>
Date: Mon, 7 Jan 2013 18:19:24 -0500
On Jan 3, 2013, at 3:56 PM, Dan Langille <dan AT langille DOT org> wrote:

> Comments?  Ideas?

Hmm. When I wrote the documentation (or, at least, the article that was turned 
into the documentation), I may have been thinking that client->server 
communications would -always- verify the peer's certificate, and that 'TLS 
Verify Peer' would only be used to verify optional client certificates.

Or, perhaps that was how I originally implemented it, and then it changed. It's 
been a long time. 

Either way, it certainly seems to be the case now that it controls verification 
of the "peer", regardless of whether the peer is a client or a server (in the 
TLS sense). My one concern is if the implementation is not automatically 
matching the certificate's CN against the supplied host name to which it is 
connecting, and instead relying on 'TLS Allowed CN'.

-landonf
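
The concern in the message above, as an added example that is not part of the original post and is not Bacula's code: a peer certificate that passes chain validation still has to be tied to the host that was dialed, and an allow-list of CNs does that only when it is configured and specific to that connection. The function names, the host names, and the treatment of an empty allow-list as "no restriction" are assumptions made for this model.

```python
# Constructed sample: peer certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(). Both are assumed to have already passed
# chain validation against the same trusted CA.
CERT_FD1 = {"subject": ((("commonName", "fd1.example.org"),),),
            "subjectAltName": (("DNS", "fd1.example.org"),)}
CERT_FD2 = {"subject": ((("commonName", "fd2.example.org"),),),
            "subjectAltName": (("DNS", "fd2.example.org"),)}


def common_names(cert):
    """Return every commonName found in the certificate subject."""
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def dns_names(cert):
    """Names usable for host matching: DNS SANs, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or common_names(cert)


def allowed_cn_check(cert, allowed_cns):
    """Hypothetical allow-list check: passes if a subject CN is listed.
    An empty list is modeled as 'no restriction' (assumption)."""
    if not allowed_cns:
        return True
    return any(cn in allowed_cns for cn in common_names(cert))


def hostname_check(cert, dialed_host):
    """Passes only if the certificate names the host we connected to.
    Exact, case-insensitive match; wildcards are not handled here."""
    host = dialed_host.lower().rstrip(".")
    return any(n.lower().rstrip(".") == host for n in dns_names(cert))


def accept_peer(cert, dialed_host, allowed_cns, match_hostname):
    """Decision made after the chain has been validated."""
    ok = allowed_cn_check(cert, allowed_cns)
    if match_hostname:
        ok = ok and hostname_check(cert, dialed_host)
    return ok
```

With `match_hostname=False`, `accept_peer(CERT_FD2, "fd1.example.org", [], False)` returns `True`: a valid certificate issued to a different host is accepted unless the allow-list names exactly the expected peer.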