How is the /CN= supposed to be encoded for a host/domain-name using international characters? In some specified charset (utf8?) or in the ASCII Compatible Encoded form?
I ask since in an application here (using libidn), I get the subject with X509_get_subject_name() and check the CN (or wildcard mask) against the host I connect to. If they don't match, that's an error.

E.g. if I connect to www.tromsø.no, it's registered in DNS as www.xn--troms-zua.no. Should the CN be the same also? Is it an error to match the CN against www.tromsø.no too? Guessing being liberal is okay...

BTW, is there any function in OpenSSL that can match e.g. "x*.foo.com" against "xxx.foo.com"?

IDNA = Internationalizing Domain Names in Applications, RFC-3490.

--gv
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                         [EMAIL PROTECTED]
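The check the message describes, as an added example that is not part of the original post and is not OpenSSL or libidn code: both the certificate name and the connected host are converted to ASCII Compatible Encoding with Python's built-in `idna` codec (IDNA 2003, RFC 3490) and compared label by label, with a wildcard accepted only in the left-most label. The function names `to_ace` and `host_matches` and the wildcard restrictions are assumptions made for this sketch.

```python
def to_ace(name):
    """Return the lower-case ACE (xn--) form of a DNS name, or None if invalid."""
    try:
        # The idna codec applies nameprep + punycode per label; ASCII labels pass through.
        return name.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None  # empty or over-long label, or characters nameprep rejects


def host_matches(cert_name, host):
    """Compare a certificate CN (or wildcard mask) with the host we connected to.

    Assumptions of this sketch: comparison is done on the ACE form, so a CN
    stored as a U-label or as an A-label both match; '*' is honoured only once,
    only in the left-most label, and never spans a dot.
    """
    pattern, target = to_ace(cert_name), to_ace(host)
    if not pattern or not target:
        return False

    p_labels, t_labels = pattern.split("."), target.split(".")
    # A wildcard stands for part of one label, so label counts must agree
    # and every label to the right of the first must be identical.
    if len(p_labels) != len(t_labels) or p_labels[1:] != t_labels[1:]:
        return False

    first, t_first = p_labels[0], t_labels[0]
    if "*" not in first:
        return first == t_first

    # Refuse masks such as "*.no", multiple stars, and wildcards that would be
    # matched inside or against an encoded "xn--" label.
    if (len(p_labels) < 3 or first.count("*") != 1
            or first.startswith("xn--") or t_first.startswith("xn--")):
        return False

    prefix, suffix = first.split("*")
    return (len(t_first) >= len(prefix) + len(suffix)
            and t_first.startswith(prefix) and t_first.endswith(suffix))
```

Normalising both sides before comparing means the CN is never matched as raw bytes in an unknown charset; a name that cannot be encoded is treated as a mismatch rather than compared loosely.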
