On Sun, Jun 17, 2007 at 05:06:21AM +0200, Alain Spineux wrote:
> IE6 complains about the domain name not matching the certificate.
Rightly so. RFC 2818, section 3.1, paragraph 4:
Matching is performed using the matching rules specified by [RFC2459].
If more than one identity of a given type is present in the certificate
(e.g., more than one dNSName name, a match in any one of the set is
considered acceptable.) Names may contain the wildcard character
* which is considered to match any single domain name component
or component fragment. E.g., *.a.com matches foo.a.com but not
bar.foo.a.com. f*.com matches foo.com but not bar.com.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
