Gervase Markham wrote:
* is easy - you just display the root. So *.mozilla.org would display "mozilla.org".
Are there any other options other than * and |? Which standard covers such things?
The original specification for DNSname regular expressions may be seen at http://wp.netscape.com/eng/security/ssl_2.0_certificate.html#CA . Scroll up to the section named "Subject Common Name" immediately preceeding the section to which that link takes you. The regular expression grammar defined there is a superset of that in RFC 2818. mozilla (FF) implements that specification, having inherited that implementation from its predecessor.
RFC 2818 (which is informational, NOT a proposed standard, but which reads like a proposed standard) in section 3.1 only allows * (not |) and that is all IE supports.
BTW, I believe FF's present behavior of showing the user-selected DNSname, given that it matches one of the cert's DNSnames, is the correct behavior.
However, I have seen cases where the name shown in the status bar and in related security dialogs did NOT match the name in the requested URL. There are bugs filed about this.
-- Nelson B _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
