You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
hostname verification
About this tag
Hostname verification is a critical security check in TLS/SSL connections that ensures the certificate presented by a server matches the hostname the client intended to reach. Discussions on WindowsForum.com highlight vulnerabilities such as CVE-2020-36477 in Mbed TLS, where a bug allowed hostname verification to compare the expected hostname against any subjectAltName entry without checking its type, enabling IP-to-hostname impersonation. This underscores the importance of proper hostname verification in embedded TLS libraries and enterprise IT environments to prevent man-in-the-middle attacks. The tag covers security updates, troubleshooting, and best practices for hostname verification in Windows and cross-platform contexts.
Mbed TLS contained a subtle but consequential X.509 verification bug — tracked as CVE-2020-36477 — that allowed the library to compare the expected hostname (the cn argument passed to mbedtls_x509_crt_verify) against any entry in the certificate’s subjectAltName (SAN) extension without checking...