P3
There were several places where we talk about URLs, when we really mean hostnames. So suggest the following changes:
For example, the host name in a URL should match the host name in the peer's credentials. An application could be exploited with URL spoofing if the host name is not verified.
Remove "...in a URL..." and change "URL Spoofing" to "host name spoofing".
Later in:
The SSLSocket and SSLEngine classes do not automatically verify that the host name in a URL matches the host name in the peer's credentials.
Remove "...in a URL..."
An application could be exploited with URL spoofing if the host name is not verified.
Remove "URL" and replace with "host name".
For example, the host name in a URL should match the host name in the peer's credentials. An application could be exploited with URL spoofing if the host name is not verified.
Remove "...in a URL..." and change "URL Spoofing" to "host name spoofing".
Later in:
The SSLSocket and SSLEngine classes do not automatically verify that the host name in a URL matches the host name in the peer's credentials.
Remove "...in a URL..."
An application could be exploited with URL spoofing if the host name is not verified.
Remove "URL" and replace with "host name".