Hi,
> Great start! There are a couple of ways it could be improved (IMO):
>
> * it should be picking up the certificate's hostname from the
> subjectAltName field, and only if that's not found look in the DN
Still working on that. Net::SSLeay supports fetching the cn from the
certificate, but I am still looking for subjectAltName field support.
> * it should be able to support "wildcarded" hostnames
Quite easy to implement, thanks to Perl regular expressions.
> * there are some complicated rules for matching internationalized
> domain names
This is nasty stuff. As far as I know the hostname has to be converted
to punycode and then compared to the hostname. Right? Do you know of
any clever library that already does this?
> * it would be nice if it supported IP address matching too
Falls into the altSubjectName field problem: The field can be of
type 'dNSName' or of type 'iPAddress'.
> I think the subjectAltName check is pretty important.
Do you know any publicly available server with such a certificate? Would
make things easier to develop.
Christopher
--
======================================================
Dipl.-Ing. Christopher Odenbach
Zentrum fuer Informations- und Medientechnologien
Universitaet Paderborn
Raum N5.110
[EMAIL PROTECTED]
Tel.: +49 5251 60 5315
======================================================
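
Added example, not part of the original message or of the program under discussion: a sketch of the matching rules raised in this thread (subjectAltName before CN, leftmost-label wildcards, IP literals matched only against iPAddress entries). It assumes the names have already been extracted from the certificate into the constructed `%cert` hash and that an internationalized hostname has already been converted to its punycode form by the caller; `ip_bytes`, `dns_matches` and `cert_matches_host` are hypothetical names.

```perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Constructed sample input; this hash layout is an assumption of the example.
my %cert = (
    cn  => 'legacy.example.org',
    san => [ [ dNSName   => '*.example.com' ],
             [ dNSName   => 'xn--bcher-kva.example' ],   # punycode form of an IDN
             [ iPAddress => '192.0.2.10' ] ],
);

# Parse an IPv4/IPv6 literal to packed bytes; undef if it is not an address.
sub ip_bytes {
    my ($s) = @_;
    return inet_pton(AF_INET, $s) // inet_pton(AF_INET6, $s);
}

# Case-insensitive DNS comparison; "*" is honoured only as the whole
# leftmost label and stands for exactly one label (it never spans a dot).
sub dns_matches {
    my ($pattern, $host) = map { lc $_ } @_;
    return $pattern eq $host unless $pattern =~ /\A\*\.(.+)\z/;
    my $suffix = $1;
    return $host =~ /\A[^.]+\.\Q$suffix\E\z/ ? 1 : 0;
}

sub cert_matches_host {
    my ($cert, $host) = @_;
    my $want_ip = ip_bytes($host);
    my $type    = defined $want_ip ? 'iPAddress' : 'dNSName';
    my @names   = map { $_->[1] } grep { $_->[0] eq $type } @{ $cert->{san} || [] };
    if (defined $want_ip) {
        # IP literals are compared as bytes and never fall back to the CN.
        return scalar(grep { my $got = ip_bytes($_); defined $got && $got eq $want_ip } @names);
    }
    # The CN is consulted only when the certificate carries no dNSName entry.
    @names = ($cert->{cn}) if !@names && defined $cert->{cn};
    return scalar(grep { dns_matches($_, $host) } @names);
}

for my $h (qw(www.example.com a.b.example.com example.com XN--BCHER-KVA.example
              192.0.2.10 192.0.2.11 legacy.example.org)) {
    printf "%-24s %s\n", $h, cert_matches_host(\%cert, $h) ? 'match' : 'NO MATCH';
}
```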
