Kaspar Brand wrote: > On 16.07.2010 03:04, Nelson B Bolyard wrote: > > Can you name any browser or other important network client made in the > > last 8 years (since RFC 3280 was published) that does SSL3 and/or TLS > > but doesn't recognize DNS names in SANs? > > "important" is a debatable term, but I'm pretty sure that as soon as you > leave the browser camp, you'll encounter quite a few... I didn't have to > search for a long time, actually: take wget as an example.
Well, I got the impression that clients using openssl are generally in a bad shape. The complicated low level API, sparse docu and insecure defaults create many pitfalls for the newcomer. I hope that with the new RFC a common library that does the server id checks could be developed though. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
