[Help-gnutls] gnutls_x509_crt_check

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] gnutls_x509_crt_check_hostname()

From:	Daniel Stenberg
Subject:	[Help-gnutls] gnutls_x509_crt_check_hostname()
Date:	Wed, 12 Aug 2009 00:04:44 +0200 (CEST)
User-agent:	Alpine 2.00 (DEB 1167 2008-08-23)

Hey gnutls'ers!

When I pass a cert and a hostname to the gnutls_x509_crt_check_hostname()function (I'm using 2.8.1-2 on a Debian Linux here), I'm seeing a problem I'dlike your feedback on!

If the server cert has a subjectAltName field that doesn't match, but also aCN that matches, it seems this function happily returns OK. The way I'mreading RFC2818, that's not what it is supposed to do:


    If a subjectAltName extension of type dNSName is present, that MUST
    be used as the identity. Otherwise, the (most specific) Common Name
    field in the Subject field of the certificate MUST be used.

Am I wrong?

--

 / daniel.haxx.se

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] gnutls_x509_crt_check_hostname(), Daniel Stenberg <=
- [Help-gnutls] Re: gnutls_x509_crt_check_hostname(), Simon Josefsson, 2009/08/12
- [Help-gnutls] Re: gnutls_x509_crt_check_hostname(), Simon Josefsson, 2009/08/12
  - [Help-gnutls] Re: gnutls_x509_crt_check_hostname(), Daniel Stenberg, 2009/08/12
    - [Help-gnutls] Re: gnutls_x509_crt_check_hostname(), Simon Josefsson, 2009/08/12
    - [Help-gnutls] Re: gnutls_x509_crt_check_hostname(), Simon Josefsson, 2009/08/13
    - [Help-gnutls] Re: gnutls_x509_crt_check_hostname(), Simon Josefsson, 2009/08/13
    - [Help-gnutls] Re: gnutls_x509_crt_check_hostname(), Daniel Stenberg, 2009/08/13

Prev by Date: [Help-gnutls] GnuTLS 2.8.2
Next by Date: [Help-gnutls] Re: gnutls_x509_crt_check_hostname()
Previous by thread: [Help-gnutls] GnuTLS 2.8.2
Next by thread: [Help-gnutls] Re: gnutls_x509_crt_check_hostname()
Index(es):
- Date
- Thread