2009/9/15 Sven Anders <[email protected]>: > Daniel Stenberg schrieb: >> On Tue, 15 Sep 2009, Peter Sylvester wrote: >> >>>> Issuer: CN=www.anduras.de >>>> X509v3 Subject Alternative Name: >>>> email:[email protected] >>> can you send your certificate, the above extract looks somewhat strange.
> These are only the relevant parts of the Cert. But yes, I only have an > additional > E-Mail address in the "Subject Alternative Name" section. >> To me that looks like a CN that matches and a subjectAltName that >> doesn't match, which then by the specs should be considered not a >> match. (Which is a bug fix we made for 7.19.6 so the previous versions >> did wrong.) >> >> Or am I wrong? That subjectAltName field with an email address looks >> funny to me. > Yes and No. An DNS or IP entry should match, but I can have other > entries (like email, RID, URI, otherName,...) too. > These should not considered when trying to match. OK, but is it OK to have Subject: C=DE,...C=Germany? Why do you have the country in there twice? And why no CN=hostname? Are you saying that the hostname check should not be done because there isn't one in the certificate? -- Michael Wood <[email protected]>
