On Wed, Apr 26, 2017 at 1:03 PM, Blumenthal, Uri - 0553 - MITLL
wrote:
> A naïve question. A certificate that contains SAN attribute(s) – is there a
> limit on how many, say, RFC822 SAN attributes can a valid certificate have?
>
>
>
> It’s been my understanding that a cert can
confirmed, i've seen dozens on one cert - far more preferable to do
that and have such numbers than a single wildcard cert (which has
issues on all sorts of platforms
for various purposes).
alan
On 26 April 2017 at 18:24, Blumenthal, Uri - 0553 - MITLL
wrote:
> > It’s been
> It’s been my understanding that a cert can contain as many SAN attributes
as needed,
> but it appears that Apple believes it has to be only one (because
certificates with
> more than one are not processed properly).
Perhaps CAs have rarely issued email certificates with
> On Apr 26, 2017, at 1:03 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> A naïve question. A certificate that contains SAN attribute(s) – is there a
> limit
> on how many, say, RFC822 SAN attributes can a valid certificate have?
None of the standard SAN types (DNS, Email,
> A naïve question. A certificate that contains SAN attribute(s) – is there a
> limit on how many, say, RFC822 SAN attributes can a valid certificate have?
No.
> It’s been my understanding that a cert can contain as many SAN attributes as
> needed, but it appears that Apple believes it has to
A naïve question. A certificate that contains SAN attribute(s) – is there a
limit on how many, say, RFC822 SAN attributes can a valid certificate have?
It’s been my understanding that a cert can contain as many SAN attributes as
needed, but it appears that Apple believes it has to be only
yes
Sent from Mail for Windows 10
From: Murray, Ronald-1 (ANF)
Sent: Wednesday, April 26, 2017 1:25 PM
To: 'openssl-users@openssl.org'
Subject: [openssl-users] RFC2818 and subjectAltName
We had an issue a few days ago when people with the newest version of Chrome
were seeing security errors on
If you are asking me, by all means yes. Thanks for asking, I respect the value
of honesty in world that has so very few people left.
Sent from Mail for Windows 10
From: Viktor Dukhovni
Sent: Wednesday, April 26, 2017 1:55 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] RFC2818 and
> On Apr 26, 2017, at 11:55 AM, Murray, Ronald-1 (ANF)
> wrote:
>
> Our certificates, of course, only contained the Common Name (CN), with no
> subjectAltName (SAN). I solved the problem by creating new certificates and
> hacking openssl.cnf to request a SAN in the
We had an issue a few days ago when people with the newest version of Chrome
were seeing security errors on our internal sites which were using SSL
certificates signed with our internal CA. This turned out to be caused by
Google adhering to RFC2818, which says:
If a subjectAltName extension of
On 04/17/2017 06:40 PM, Matthias Ballreich wrote:
Hi there,
can OpenSSL pasre QcStatement X509v3 Extension btw. Did OpenSSL
Support these?
Any Piece of example Code of how can i parse the data?
To my knowledge, there is direct support for the qcStatements, you must
parse it yourself.
I
> On Apr 26, 2017, at 3:39 AM, Matt Caswell wrote:
>
> I'd start by looking at the end-to-end pipe between the client SSL/TLS
> stack and the server stack and validating that the records look sane and
> unchanged at each step.
Well before that, I'd try to find out what's
On 25/04/17 22:37, craig_we...@trendmicro.com wrote:
> We have recently upgraded our product to 1.0.2k. We are getting this
> error on a packet sent to us from our browser-based user interface. I
> really need some suggestions as to how to debug this problem. I know it
> is in our code rather
13 matches
Mail list logo