On Oct 3, 2012, at 6:22 PM, Warren Kumari wrote:
>
> On Oct 3, 2012, at 4:10 PM, James Cloos <[email protected]> wrote:
>
>>>>>>> "NM" == Nikos Mavrogiannopoulos <[email protected]> writes:
>>
>> NM> Are there any test or even real world https sites that support DANE?
>>
>> https://jhcloos.com/ (also supports spdy).
>
> www.kumari.net…
>
> Unfortunately the CN is *.kumari.net, and swede verify complains that:
> WARNING: Name on the certificate (Subject:
> /serialNumber=20Vw66yC802bGJ8IiSaq/ICmQRp2wah0/C=US/O=*.kumari.net/OU=GT03082892/OU=See
> www.rapidssl.com/resources/cps (c)11/OU=Domain Control Validated -
> RapidSSL(R)/CN=*.kumari.net, SubjectAltName: DNS:*.kumari.net,
> DNS:kumari.net) doesn't match requested hostname (www.kumari.net).
>
>
> I started writing a patch for swede to deal with wildcards, but then got
> sidetracked :-P
>
> W

Seems to me like the patch should just comment out the whole part that
checks the CN, since that's an application-layer issue, not a DANE
issue. Doesn't seem *that* harmful to throw a warning, though.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
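
The wildcard case behind the warning quoted above, as an added example that is not part of the original message and is not swede's code: a left-most-label wildcard match in the style of RFC 6125 section 6.4.3, run over the SubjectAltName entries from the quoted warning. The function names are hypothetical, and the rejection of partial wildcards and of wildcards with fewer than two fixed labels is a conservative assumption.

```python
"""Hostname matching with left-most-label wildcards (added illustration)."""


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def dns_name_matches(pattern, hostname):
    """Return True if one certificate dNSName entry covers `hostname`."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard stands for exactly one label, so label counts must agree.
    # Empty labels and a literal "*" in the requested name are never valid.
    if len(p) != len(h) or "" in p or "" in h or "*" in hostname:
        return False
    if p[0] == "*":
        # Whole-label wildcard, left-most position only. Assumption: require
        # two fixed labels after it so a pattern like "*.net" never matches.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Assumption: partial wildcards ("w*.example") and wildcards in any other
    # label are rejected outright rather than interpreted.
    return "*" not in pattern and p == h


def cert_covers(san_dns_names, hostname):
    """Check a hostname against every dNSName in the SubjectAltName."""
    return any(dns_name_matches(n, hostname) for n in san_dns_names)


# SubjectAltName values taken from the warning quoted in the message above.
SAN = ["*.kumari.net", "kumari.net"]

if __name__ == "__main__":
    # Constructed test hostnames; only www.kumari.net appears in the thread.
    for host in ("www.kumari.net", "kumari.net", "a.b.kumari.net",
                 "kumari.net.example"):
        print(host, cert_covers(SAN, host))
```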
