Hey gnutls'ers!

When I pass a cert and a hostname to the gnutls_x509_crt_check_hostname() function (I'm using 2.8.1-2 on a Debian Linux here), I'm seeing a problem I'd like your feedback on!

If the server cert has a subjectAltName field that doesn't match, but also a CN that matches, it seems this function happily returns OK. The way I'm reading RFC2818, that's not what it is supposed to do:

    If a subjectAltName extension of type dNSName is present, that MUST
    be used as the identity. Otherwise, the (most specific) Common Name
    field in the Subject field of the certificate MUST be used.

Am I wrong?

--

 / daniel.haxx.se
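
The precedence rule quoted from RFC 2818 above, as an added example that is not part of the original post and is not GnuTLS code: the function names are hypothetical, the certificate names are passed in as plain strings rather than parsed from a certificate, and the single-label wildcard handling is a simplifying assumption. `check_cn_fallback` models the behaviour the post reports, for comparison.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality of two NUL-terminated names. */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* A wildcard is accepted only as the whole leftmost label and covers one label. */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && ieq(pattern + 1, dot);
    }
    return ieq(pattern, host);
}

/* RFC 2818 precedence: any dNSName present means the CN is never consulted. */
int check_rfc2818(const char *const *dns, size_t n_dns, const char *cn, const char *host)
{
    if (n_dns > 0) {
        for (size_t i = 0; i < n_dns; i++)
            if (name_matches(dns[i], host)) return 1;
        return 0; /* dNSName entries exist but none match: reject */
    }
    return cn != NULL && name_matches(cn, host);
}

/* Model of the reported behaviour (not GnuTLS source): mismatch falls through to CN. */
int check_cn_fallback(const char *const *dns, size_t n_dns, const char *cn, const char *host)
{
    for (size_t i = 0; i < n_dns; i++)
        if (name_matches(dns[i], host)) return 1;
    return cn != NULL && name_matches(cn, host);
}

int main(void)
{
    /* Constructed sample: the SAN names another host, the CN names the requested one. */
    const char *const san[] = { "other.example.net" };
    printf("rfc2818=%d cn_fallback=%d\n", check_rfc2818(san, 1, "www.example.com", "www.example.com"),
           check_cn_fallback(san, 1, "www.example.com", "www.example.com"));
    return 0;
}
```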


_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
