> On May 30, 2018, at 4:06 PM, Jordan Brown <[hidden email]> wrote:
> And also: the certificate is unlikely to list an IP address, so it should fail hostname verification. You need to use a host name in your client connection request, not an IP address.
> (Pretty much, you don't ever want to use IP addresses in specifying TLS connections.)
True, but s_client does not do namechecks by default. You'd have
to request that behaviour with the "-verify_hostname" option. The
OP does not report doing that, so verification was likely limited
to just checking the trust chain.
A more complete invocation (with 1.1.0 or later) would be: