On Apr 4, 6:48 am, Eddy Nigg <eddy_n...@startcom.org> wrote:
> It's trivial from the logical point of view.

That's easy for you to say. Even things that are logically trivial are easy to miss unless one goes carefully over every single step of the process. For instance, I used a little script to check certificates against private CAs for three months before I realized that validating against the CA that owns the CN is the wrong thing to do when the certificate might have matched the expected hostname using a SAN. Logically trivial, but I wasn't thinking carefully and I missed it.

--
Matt
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto