On Wed, Sep 12, 2007 at 09:45:07PM -0700, Rodney Thayer wrote:
> > Anyway, it certainly does if you setup the connection, and then wrap
> > OpenSSL around an existing network connection. Not sure which release
> > is need for support for making V6 connections from OpenSSL itself.
> >
>
> the issues I know of are:
>
> does the v6 subjectaltname field parse properly
The CHANGELOG for 0.9.8 includes:
*) IPv6 support for certificate extensions. The various extensions
which use the IP:a.b.c.d can now take IPv6 addresses using the
formats of RFC1884 2.2 . IPv6 addresses are now also displayed
correctly.
[Steve Henson]
> do implementations do the dns reverse lookup thing
No, obtaining the correct peer name to check in certificates is the
responsibility of the application, not the library.
> can you buy a certificate from a retail certificate authority
Not an OpenSSL question.
> and then of course there would be the question of whether the underlying
> protocol stack sufficiently supported the BIO code and all that.
For established connections, the BIO layer does not care whether the
socket is V4 or V6 or even a socket for that matter.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
