On 2023-04-20, Jeremy Harris via Exim-users <exim-users@exim.org> wrote: > On 20/04/2023 06:18, Jasen Betts via Exim-users wrote: >> On 2023-04-18, Lance Lovette via Exim-users <exim-users@exim.org> wrote: >>>> This is a name mismatch: mailgun.org != mailgun.com. >>> >>> Perhaps it's time for a larger font size :) I will put on my dunce cap and >>> go sit in the corner. But shame on Mailgun for responding to .com with a >>> .org certificate! >>> >>> Lance >> >> Their .com is a cname pointing to the .org, so the same host is both >> .com and .org, but their host isn't using SNI. > > This raises the question: should the name-check be against the CNAME-resolved > name rather than the initial? Both? > I've not hunted through standards yet.
Web browsers just use the initial domain name given by the user: the resolver is treated as a black box. -- Jasen. 🇺🇦 Слава Україні -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
