NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2002-01

From: Florian Weimer (WeimerCERT.Uni-Stuttgart.DE)
Date: Sun Jan 06 2002 - 02:04:23 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

K.J.MuellerEnBW.com writes:

> could it be, that the text-browsers (lynx, links, w3m) don't even
> bother comparing the actual server name to the certificate's
> "issued for" entry?

Some of them don't even have a repository of Root CAs, I think.

> Neither did any of them complain when accessing a https web page
> with a self-made certificate.

So they can't check the validity of the certificate at all.

-- 
Florian Weimer 	                  WeimerCERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]