2009/9/15 Sven Anders <[email protected]>: > Michael Wood schrieb: >> 2009/9/15 Sven Anders <[email protected]>: >> >>> Yes and No. An DNS or IP entry should match, but I can have other >>> entries (like email, RID, URI, otherName,...) too. >>> These should not considered when trying to match. >> >> OK, but is it OK to have Subject: C=DE,...C=Germany? Why do you have >> the country in there twice? And why no CN=hostname? >> > Ok, this is wrong. But it's not the cause of the problem. > >> Are you saying that the hostname check should not be done because >> there isn't one in the certificate? >> > Yes, it should then checked against the CN. > (See Peter Sylvester's first answer...)
Ah, no I was asking if you thought it should not check the hostname because in your initial message there was no CN. Now I see what you mean. -- Michael Wood <[email protected]>
