On Oct 3, 2012, at 4:10 PM, James Cloos <[email protected]> wrote: >>>>>> "NM" == Nikos Mavrogiannopoulos <[email protected]> writes: > > NM> Are there any test or even real world https sites that support DANE? > > https://jhcloos.com/ (also supports spdy).
www.kumari.net… Unfortunately the CN is *.kumari.net, and swede verify complains that that: WARNING: Name on the certificate (Subject: /serialNumber=20Vw66yC802bGJ8IiSaq/ICmQRp2wah0/C=US/O=*.kumari.net/OU=GT03082892/OU=See www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated - RapidSSL(R)/CN=*.kumari.net, SubjectAltName: DNS:*.kumari.net, DNS:kumari.net) doesn't match requested hostname (www.kumari.net). I started writing a patch for swede to deal with wildcards, but then got sidetracked :-P W > > Outside of http, my MXs have TLSA RRs, too. > > -JimC > -- > James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6 > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane > _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
