On Jan 3, 2013, at 3:56 PM, Dan Langille <dan AT langille DOT org> wrote:
> Comments? Ideas?
Hmm. When I wrote the documentation (or, at least, the article that was turned
into the documentation), I may have been thinking that client->server
communications would -always- verify the peer's certificate, and that 'TLS
Verify Peer' would only be used to verify optional client certificates.
Or, perhaps that was how I originally implemented it, and then it changed. It's
been a long time.
Either way, it certainly seems to be the case now that it controls verification
of the "peer", regardless of whether the peer is a client or a server (in the
TLS sense). My one concern is if the implementation is not automatically
matching the certificate's CN against the supplied host name to which it is
connecting, and instead relying on 'TLS Allowed CN'.
-landonf
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
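The concern raised in the message above, as an added example that is not part of the original post and not Bacula code: an allow-list of CNs answers "is this one of our peers?" while hostname matching answers "is this the peer I connected to?". All function names, host names and certificate data are constructed for illustration, and the sketch makes no claim about what Bacula itself does.

```python
# Added illustration; not Bacula source code. Certificates are constructed
# dicts in the shape returned by Python's ssl.SSLSocket.getpeercert().

def _names(cert):
    """Return (dNSName SAN entries, subject CNs) from a getpeercert() dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return sans, cns

def _label_match(pattern, host):
    """Case-insensitive match; '*' may only replace the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def allowed_cn_check(cert, allowed_cns):
    """Allow-list policy: accept if any subject CN is listed (host is ignored)."""
    _, cns = _names(cert)
    return any(cn in allowed_cns for cn in cns)

def hostname_check(cert, connect_host):
    """Host-bound policy: a name in the cert must match the host we dialled."""
    sans, cns = _names(cert)
    candidates = sans if sans else cns  # SAN entries take precedence over CN
    return any(_label_match(name, connect_host) for name in candidates)

def compare(cert, connect_host, allowed_cns):
    """Run both policies against the same certificate and connection target."""
    return {"allowed_cn": allowed_cn_check(cert, allowed_cns),
            "hostname": hostname_check(cert, connect_host)}

# Constructed sample data: two peers, both on the allow-list.
CERT_SD1 = {"subject": ((("commonName", "sd1.example.org"),),)}
CERT_WILD = {"subject": ((("commonName", "ignored"),),),
             "subjectAltName": (("DNS", "*.example.org"),)}
ALLOWED = {"sd1.example.org", "sd2.example.org"}
```

With the constructed data, a connection to `sd2.example.org` that is answered with the `sd1.example.org` certificate passes the allow-list policy and fails the host-bound one.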