Ah, cool. Totally missed that in release notes. 🤦♂️ Thanks, -- Bojan
---------------------------------------- 6 June 2022 8:13:10 pm Alexander Sosedkin <asosed...@redhat.com>: On Mon, Jun 6, 2022 at 12:03 PM Bojan Smojver via devel <devel@lists.fedoraproject.org> wrote: > > Before I open a bug on this, the latest firefox/nss software that is in F36 - > is it not accepting SSL certificates without matching subjectAlternativeName > on purpose? > > I still have to complete more tests, but it seems that if SSL certificate is > issued to CN abc.example.com and if that name is not mentioned in SAN, > Firefox complains that the certificate is not for the right domain. This is > all only with most recent updates. > > Anyone else seeing similar stuff? https://www.mozilla.org/en-US/firefox/101.0/releasenotes says: > Removed "subject common name" fallback support from certificate validation. > This fallback mode was previously enabled > only for manually installed certificates. > The CA Browser Forum Baseline Requirements > have required the presence of the "subjectAltName" extension since 2012, > and use of the subject common name was deprecated in RFC 2818. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure