Re: problem with hostname matching

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: problem with hostname matching

From:	Nikos Mavrogiannopoulos
Subject:	Re: problem with hostname matching
Date:	Mon, 28 May 2012 23:16:58 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:10.0.4) Gecko/20120510 Icedove/10.0.4

On 05/28/2012 02:33 PM, Michal Suchanek wrote:

> Hello,
> 
> I have created a cert long time ago using a howto that suggested to
> include the trailing dot in the domain name as good practice.

> The verification with gnutls_x509_crt_check_hostname now works only

> when the trailing dot is also specified in the host name.

> Is this expected behaviour?

Yes. These fields are under the "preferred named syntax" of rfc1035,
that does not allow a trailing dot.

> I am not quite sure how I would go about checking the name myself
> without using the shorthand function, either.

You have to check RFC2818 which documents the procedure. You need to
read the certificate fields of subject alternative name, common name etc.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

problem with hostname matching, Michal Suchanek, 2012/05/28
- Re: problem with hostname matching, Nikos Mavrogiannopoulos <=

Prev by Date: problem with hostname matching
Next by Date: Re: GnuTLS 3, BSD, netinet/ip.h
Previous by thread: problem with hostname matching
Index(es):
- Date
- Thread