Hi, a question about the SSL:

In SSL, the server certificate is checked by the
client as to whether the server actually holds the
private key of it. This is done by client sending the
session key signed by server's public key.

So, why there is a need for a check of domain name in
the server certificate? Shouldn't the above check be
enough?

Soner


__________________________________________________ _________________=
_________________
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user pa=
nel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite=
..asp?a=3D7=20

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org