How does SSL Hostname matching work on JWS?
问题 When using Google SafetyNet for Android the documentation suggest that you Validate the SSL certificate chain and use SSL Hostname matching to ensure the leaf certification was issues to attest.android.com Now how does this work? I would have assumed that I get the JWS message inspect the certs and signature etc but would validate against a cert grabbed from attest.android.com, but attest.android.com is not a live host. Does SSL signing cater for validation without previously knowing the