Matthias Wimmer wrote:
Hi Justin!Justin Karneges schrieb:Why would a connecting server present a certificate, and then invoke SASL EXTERNAL with an authzid that doesn't match what is written in the certificate? Sounds to me like a configuration problem in the connecting server that you probably shouldn't encourage.Because it is maybe connecting for service.example.com but only has a certificate for example.com. Sure this might be considered as misconfiguration - and sure as well, that it would be better to have a certificate for each domain.
I don't see why you need a separate certificate for each domain -- can't you have one domain with many instances of id-on-xmppAddr in the subjectAltName?
/psa
smime.p7s
Description: S/MIME Cryptographic Signature
