Re: [Openvpn-devel] [PATCH] openssl: alternative names support for --verify-x509-name CN checks

David Sommerseth Wed, 12 Feb 2020 07:02:57 -0800

On 12/02/2020 15:39, Arne Schwabe wrote:
>> +bool
>> +x509v3_is_host_in_alternative_names(mbedtls_x509_crt *cert, const char
>> *host, bool *has_alt_names)
>> +{
>> +    msg(M_WARN, "Missing support for subject alternative names in
>> mbedtls.");


I'm not happy about this at all.  This should be possible to achieve with
mbed TLS as well:
<https://tls.mbed.org/api/structmbedtls__x509__crt.html#a1f148e8fb52e03e2604e716386a07df4>

One starting point for this can probably found here:
<https://tls.mbed.org/api/group__x509__module.html#ga033567483649030f7f859db4f4cb7e14>


-- 
kind regards,

David Sommerseth
OpenVPN Inc



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] openssl: alternative names support for --verify-x509-name CN checks

Reply via email to