Hey there,
for openssl, is it necessary to include the CN in the subjectAltName
field if the latter one is present at all ?
I would expect the answer to be 'no' because I would expect the CN and
subjectAltName field to be in a 'or' relation - so either one to match
would be sufficient. Openssl (1.0.0j) complains if the subjectAltName
extension is set and does not contain the CN. As expteced, it's all good
if the extension is missing since the CN correctly contains the host
name. Also, it's working propperly once I add the CN into the
subjectAltName field but that's kind of weird - isn't it ?
Regards,
Thomas
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
