[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: StartTLS with a host alias

To: Howard Chu <hyc@symas.com>
Subject: Re: StartTLS with a host alias
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Sat, 7 Jun 2008 22:11:26 +0200
Cc: robertminsk@yahoo.com, openldap-software@openldap.org
In-reply-to: <484AE958.9040406@symas.com>
References: <516293.97051.qm@web32503.mail.mud.yahoo.com> <hbf.20080607pwxf@bombur.uio.no> <484AE958.9040406@symas.com>

Howard Chu writes:
> Well, there can be any number of CNs in a DN. But only the
> most-inferior RDN actually names the certificate, therefore that's the
> only one that may be used in hostname checking.

Then something (OpenSSL?) is broken.  The hostname which succeeded is in
the topmost of his RDNs which has a CN, not in the most inferior RDN.

-- 
Hallvard

Follow-Ups:
- Re: StartTLS with a host alias
  - From: Howard Chu <hyc@symas.com>

References:
- StartTLS with a host alias
  - From: Robert Minsk <robertminsk@yahoo.com>
- Re: StartTLS with a host alias
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: StartTLS with a host alias
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: StartTLS with a host alias
Next by Date: Re: StartTLS with a host alias
Index(es):
- Chronological
- Thread