K.J.Mueller@EnBW.com writes: > could it be, that the text-browsers (lynx, links, w3m) don't even > bother comparing the actual server name to the certificate's > "issued for" entry? Some of them don't even have a repository of Root CAs, I think. > Neither did any of them complain when accessing a https web page > with a self-made certificate. So they can't check the validity of the certificate at all. -- Florian Weimer Weimer@CERT.Uni-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
