On 2010-07-16 01:24 PDT, Ludwig Nussel wrote: > Kaspar Brand wrote: >> On 16.07.2010 03:04, Nelson B Bolyard wrote: >>> Can you name any browser or other important network client made in the >>> last 8 years (since RFC 3280 was published) that does SSL3 and/or TLS >>> but doesn't recognize DNS names in SANs? >> "important" is a debatable term, but I'm pretty sure that as soon as you >> leave the browser camp, you'll encounter quite a few... I didn't have to >> search for a long time, actually: take wget as an example. > > Well, I got the impression that clients using openssl are generally > in a bad shape. The complicated low level API, sparse docu and > insecure defaults create many pitfalls for the newcomer. > I hope that with the new RFC a common library that does the server > id checks could be developed though.
Some of us might claim that one already exists. -- /Nelson Bolyard _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
