[Help-gnutls] gnutls_x509_crt_check_hostname()
From: Daniel Stenberg
Subject: [Help-gnutls] gnutls_x509_crt_check_hostname()
Date: Wed, 12 Aug 2009 00:04:44 +0200 (CEST)
User-agent: Alpine 2.00 (DEB 1167 2008-08-23)

Hey gnutls'ers!

When I pass a cert and a hostname to the gnutls_x509_crt_check_hostname()
function (I'm using 2.8.1-2 on a Debian Linux here), I'm seeing a problem I'd
like your feedback on!

If the server cert has a subjectAltName field that doesn't match, but also a
CN that matches, it seems this function happily returns OK. The way I'm
reading RFC2818, that's not what it is supposed to do:

    If a subjectAltName extension of type dNSName is present, that MUST
    be used as the identity. Otherwise, the (most specific) Common Name
    field in the Subject field of the certificate MUST be used.

Am I wrong?

--
/ daniel.haxx.se
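
The RFC 2818 precedence rule quoted in the message above, sketched as an added example (not part of the original post and not GnuTLS code). The struct `cert_names`, the function `rfc2818_check_hostname()` and the sample names are hypothetical, and the single-label wildcard handling goes beyond what the message discusses.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified view of a certificate's identity fields. */
struct cert_names {
    const char *const *san_dns; /* subjectAltName dNSName entries */
    size_t san_count;
    const char *cn;             /* most specific Common Name, or NULL */
};

static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Exact match, or a "*." wildcard covering exactly one leftmost label. */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, host);
}

/* Returns 1 if host matches the certificate identity per RFC 2818, else 0. */
int rfc2818_check_hostname(const struct cert_names *c, const char *host)
{
    if (c->san_count == 0) /* no dNSName at all: fall back to the CN */
        return c->cn != NULL && name_matches(c->cn, host);
    for (size_t i = 0; i < c->san_count; i++) /* dNSName present: CN ignored */
        if (name_matches(c->san_dns[i], host))
            return 1;
    return 0;
}

static const char *const sample_san[] = { "other.example.net" }; /* constructed */
const struct cert_names san_mismatch = { sample_san, 1, "www.example.com" };
const struct cert_names cn_only = { NULL, 0, "www.example.com" };

int main(void)
{
    printf("SAN mismatch with matching CN: %d, CN only: %d\n",
           rfc2818_check_hostname(&san_mismatch, "www.example.com"),
           rfc2818_check_hostname(&cn_only, "www.example.com"));
    return 0;
}
```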