I use site badssl.com in order to check whether I am able to catch all invalid certificates. One of the sites with invalid certificate is https://wrong.host.badssl.com/. Nevertheless if I type in cmd openssl s_client -connect wrong.host.badssl.com:443
, I receive verification OK status. How can I solve the problem?
CodePudding user response:
How can I solve the problem?
Newer versions of openssl have the option -verify_hostname
:
$ openssl s_client -connect wrong.host.badssl.com:443 \
-verify_hostname wrong.host.badssl.com
...
Verify return code: 62 (Hostname mismatch)
Older versions don't have this option and there is no way to enable the functionality in this older versions otherwise.