Dan,
Very good point.
Access by IP address didn't work before -- I just checked w/ Xenial / OpenSSL 1.0.0,
and it fails with certification verification error too.
IIUIC this seems reasonable - as the default certificate is the only thing the server
could send to the client without SNI (which is prohibited for IP addresses) to hint/tell
the server which hostname it wants the certificate for, and the certificate owners
would need to keep the default certificate up-to-date with all IP addresses the server
could possibly serve/respond on (it seems unfeasible).
So we should be good on this particular case!
Thanks for catching this.
--
$ lsb_release -cs
xenial
$ dpkg -l | grep libssl1. | awk '{ print $2 }'
libssl1.0.0:amd64
$ mailutil check {imap.gmail.com:993/imap/ssl}INBOX
{cb-in-f109.1e100.net/imap} username: ^C
$ host imap.gmail.com | grep -m1 address
gmail-imap.l.google.com has address 64.233.186.108
$ mailutil check {64.233.186.108:993/imap/ssl}INBOX
Certificate failure for 64.233.186.108: Server name does not match certificate: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=imap.gmail.com
Certificate failure for 64.233.186.108: Server name does not match certificate: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=imap.gmail.com
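
The behaviour described in the comment above, as an added example that is not part of the original comment and is not the c-client/mailutil code: it applies the general rules from RFC 6066 (no SNI for IP literals) and RFC 6125 (an IP address only matches an iPAddress subjectAltName). The certificate dictionaries are constructed samples in the format of Python's ssl.getpeercert(); the DNS subjectAltName entry and the second certificate are assumptions.

```python
import ipaddress

# Constructed sample: the default certificate from the output above.
# The DNS subjectAltName entry is an assumption; only the CN is on the page.
DEFAULT_CERT = {
    "subject": ((("commonName", "imap.gmail.com"),),),
    "subjectAltName": (("DNS", "imap.gmail.com"),),
}
# Constructed sample: what the owner would have to issue for IP access to pass.
CERT_WITH_IP = {
    "subject": ((("commonName", "imap.gmail.com"),),),
    "subjectAltName": (("DNS", "imap.gmail.com"), ("IP Address", "64.233.186.108")),
}

def _as_ip(target):
    """Return an ip_address object for an IP literal, else None."""
    try:
        return ipaddress.ip_address(target)
    except ValueError:
        return None

def sni_for(target):
    """server_name to send in the ClientHello; None for IP literals (RFC 6066)."""
    return None if _as_ip(target) is not None else target.rstrip(".").lower()

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def verify_identity(target, cert):
    """True if the certificate is valid for the name or address the client dialled."""
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(target)
    if ip is not None:
        # An IP reference identity never matches a DNS entry or the CN.
        return any(k == "IP Address" and _as_ip(v) == ip for k, v in sans)
    host = target.rstrip(".")
    return any(k == "DNS" and _dns_match(v, host) for k, v in sans)

if __name__ == "__main__":
    for target in ("imap.gmail.com", "64.233.186.108"):
        print(target, "SNI:", sni_for(target), "ok:", verify_identity(target, DEFAULT_CERT))
```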