pan-users

Re: [Pan-users] gnutls error: hostname does not match server name


From: walt
Subject: Re: [Pan-users] gnutls error: hostname does not match server name
Date: Thu, 03 May 2012 06:32:09 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120420 Thunderbird/12.0

On 05/02/2012 06:04 PM, Duncan wrote:

<interesting crypto gossip snipped>

> if the site uses self-signed certs and you accept the valid 
> one, if it changes, at least to another self-signed, you'll normally get 
> the usual warnings all over again, and can act accordingly.

Very good point.  So pan ideally should check for consistency at least
when starting a new session, and complain only if the cert changes
between sessions.  

Hm. I've never thought about it before, but any ssl client may routinely
open hundreds or even thousands of connections during a single session,
right?  Does the client then trot off to verify the server cert for every
one of those thousands of connections?  That's a lot of bandwidth used.
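
The consistency check discussed in this message, sketched as an added example that is not part of the original post and is not Pan's or GnuTLS's own code. It pins one certificate fingerprint per host and port and flags a change in a later session; the `PinStore` class, the file name, the host name and the certificate bytes are all constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


class PinStore:
    """Trust-on-first-use store: one SHA-256 certificate fingerprint per host:port."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    @staticmethod
    def fingerprint(der_cert):
        return hashlib.sha256(der_cert).hexdigest()

    def check(self, host, port, der_cert):
        """Return 'first_seen', 'match' or 'changed' for the presented certificate."""
        known = self.pins.get(f"{host.lower()}:{port}")
        if known is None:
            return "first_seen"
        # Local comparison only: the certificate already arrived in the handshake.
        if hmac.compare_digest(known, self.fingerprint(der_cert)):
            return "match"
        return "changed"

    def accept(self, host, port, der_cert):
        """Record the certificate after the user has explicitly accepted it."""
        self.pins[f"{host.lower()}:{port}"] = self.fingerprint(der_cert)
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)  # atomic swap so a crash cannot truncate the store


def demo():
    # Constructed placeholders standing in for DER-encoded certificates.
    cert_a, cert_b = b"constructed-self-signed-cert-A", b"constructed-self-signed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        s1 = PinStore(path)                              # session 1: nothing pinned yet
        r1 = s1.check("news.example.org", 563, cert_a)
        s1.accept("news.example.org", 563, cert_a)
        s2 = PinStore(path)                              # session 2: pins reloaded from disk
        r2 = s2.check("NEWS.example.org", 563, cert_a)   # same cert, host case ignored
        r3 = s2.check("news.example.org", 563, cert_b)   # different cert: warn the user
        return [r1, r2, r3]
```

In a Python client the bytes passed to `check` would come from `ssl.SSLSocket.getpeercert(binary_form=True)`; a client should call `accept` only after the user has confirmed the certificate.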



