On 3/15/2012 7:04 PM, pankaj jain wrote:
> Hi,
> I am using the openssl-0.9.8 release.
> I could not find any documentation on whether it supports RFC-5280.
> Basically, I am looking for answers about the following capabilities:
> 1. While receiving a certificate, can I extract the canonical hostname
> from the subjectCommonName (CN) if (and only if) it is not present in
> the subjectAltName?

I believe all OpenSSL versions ever allow you to see both the CN
and all the subjectAltName's and make your own decisions.
Note that whatever RFC5280 may say, the Postel principle implies
that you should accept the certificate as valid even if it has a list
of subjectAltName attributes that do not duplicate the CN, as this
appears to be the common practice in certificates currently issued
by trusted public CAs.
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
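
The rule asked about above (take the hostname from the CN only when no subjectAltName carries one), as an added example that is not part of the original thread and is not OpenSSL code. It assumes the names have already been extracted into the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, the wildcard policy and the sample certificates are constructed for illustration.

```python
def presented_hostnames(cert):
    """Hostnames the certificate asserts: dNSName SANs if any exist, else the CN."""
    dns_sans = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns_sans:
        return dns_sans              # CN is ignored once a dNSName SAN is present
    cns = [v for rdn in cert.get("subject", ())
           for (attr, v) in rdn if attr == "commonName"]
    return cns[-1:]                  # assumption: fall back to the last CN only


def label_match(pattern, hostname):
    """Case-insensitive, label-by-label comparison.

    Policy chosen for this example: '*' is honoured only as the entire
    left-most label and only above at least two fixed labels.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def hostname_ok(cert, hostname):
    """True if any presented name matches the hostname the client dialled."""
    return any(label_match(name, hostname) for name in presented_hostnames(cert))


# Constructed sample: SAN list that does not repeat the CN.
SAN_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "example.net"), ("DNS", "*.example.net")),
}
# Constructed sample: legacy certificate with a CN and no subjectAltName.
CN_ONLY_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "legacy.example.org"),)),
}

if __name__ == "__main__":
    for cert, host in [(SAN_CERT, "mail.example.net"), (SAN_CERT, "www.example.com"),
                       (CN_ONLY_CERT, "legacy.example.org")]:
        print(host, presented_hostnames(cert), hostname_ok(cert, host))
```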