Adam Eijdenberg wrote: > I think this what "check_host_cert()" does, and as far as I can tell, > OpenSSH only passes it the hostname (not "host:port"). > > (for better or for worse, this would be roughly inline with X.509v3 > cert host matching, which also doesn't match on port numbers) If possible OpenSSH IMO should not reproduce this particular deficiency of the TLS hostname check. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev