Recognize this option. Currently it's added as custom configuration.
remote-cert-tls server
From the manual:
--remote-cert-tls client|server
Require that peer certificate was signed with an explicit key usage and
extended key usage based on RFC3280 TLS rules.
This is a useful security option for clients, to ensure that the host they
connect to is a designated server.
This is an important security precaution to protect against a
man-in-the-middleattack where an authorized client attempts to connect to
another client by impersonating the server. The attack is easily prevented by
having clients verify the server certificate using any one of
--remote-cert-tls, --tls-remote, or --tls-verify.
Also there's a typo in the current warning message, it should say "could not be
parsed", the word "not" is missing.
Original issue reported on code.google.com by aleksand...@gmail.com on 22 Dec 2012 at 4:12
Original issue reported on code.google.com by
aleksand...@gmail.com
on 22 Dec 2012 at 4:12Attachments: