curl-library
Re: subjectAltName does not match - Wrong test?!
From: Sven Anders <anders_at_anduras.de>
Date: Tue, 15 Sep 2009 11:40:05 +0200
Received on 2009-09-15
Date: Tue, 15 Sep 2009 11:40:05 +0200
Michael Wood schrieb:
> 2009/9/15 Sven Anders <anders_at_anduras.de>:
>
>> Yes and No. An DNS or IP entry should match, but I can have other
>> entries (like email, RID, URI, otherName,...) too.
>> These should not considered when trying to match.
>>
>
> OK, but is it OK to have Subject: C=DE,...C=Germany? Why do you have
> the country in there twice? And why no CN=hostname?
>
>
Ok, this is wrong. But it's not the cause of the problem.
> Are you saying that the hostname check should not be done because
> there isn't one in the certificate?
>
>
Yes, it should then checked against the CN.
(See Peter Sylvester's first answer...)
Regards
Sven
--
Sven Anders <anders_at_anduras.de> () Ascii Ribbon Campaign
/\ Support plain text e-mail
ANDURAS service solutions AG
Innstraße 71 - 94036 Passau - Germany
Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55
Rechtsform: Aktiengesellschaft - Sitz: Passau - Amtsgericht Passau HRB 6032
Mitglieder des Vorstands: Sven Anders, Marcus Junker
Vorsitzender des Aufsichtsrats: Mark Peters
- text/x-vcard attachment: anders.vcf
- application/pgp-signature attachment: OpenPGP digital signature