Re: [Lynx-dev] [PATCH] wildcard matching for SSL cert CN
From: Thorsten Glaser
Subject: Re: [Lynx-dev] [PATCH] wildcard matching for SSL cert CN
Date: Fri, 23 Jul 2004 05:41:18 +0000
Dixitur illum address@hidden scribere...
>Does this still test for the hash of the cert in SSL_CERT_DIR? Since this is
Yes, of course - the CN is tested in a totally different step.
If both (1) and (2) are fulfilled, only then is the user not warned.
(1) - certificate is trusted
(2) - certificate's CN matches hostname
>It might be an idea to be able to toggle accepting wildcard certs or being
>stricter on the matching of CN to hostname (if interested).
I don't think so; in addition to that, only very few wildcard
certificates exist, and I've never seen one where it's not
for service aliases (e.g. the * matches www, ftp, snews).
>On Wed, 21 Jul 2004, Thorsten Glaser wrote:
Please don't top-post and full-quote, it wastes everyone's
traffic. Read http://www.afaik.de/usenet/faq/zitieren/ (it
has got links to an English translation).
//Thorsten
--
Currently blocking eMail from the following domains: bigpond.com, biz, gmx.de,
gmx.net, hotmail.com, info, jumpy.it, libero.it, name, netscape.net,
postino.it, simplesnet.pt, spymac.com, tatanova.com, tiscali.co.uk,
tiscali.cz, tiscali.de, tiscali.it, voila.fr, yahoo.co.uk, yahoo.com.
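
The two checks described in the message, together with one conservative way to match a wildcard CN, as an added C example that is not part of the original message, the patch, or Lynx's code. The function names and the matching rules (wildcard only as the whole leftmost label, never spanning a dot) are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* ASCII case-insensitive equality (hostnames compare case-insensitively). */
static bool ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Hypothetical helper: does the certificate CN match the hostname?
 * Rules assumed for this example (not taken from the patch):
 *  - "*" counts only as the complete leftmost label ("*.example.org")
 *  - it stands for exactly one label, so it never spans a dot
 *  - the part after "*." must contain a dot, so "*.org" is refused
 * Assumes the caller already rejected a CN with embedded NUL bytes
 * (ASN.1 length != strlen), since C string functions stop at the NUL. */
bool cn_matches_host(const char *cn, const char *host)
{
    if (cn == NULL || host == NULL || *cn == '\0' || *host == '\0')
        return false;
    if (strchr(cn, '*') == NULL)             /* no wildcard: exact match */
        return ieq(cn, host);
    if (cn[0] != '*' || cn[1] != '.')        /* "w*.x" or "a.*.x": refuse */
        return false;
    const char *suffix = cn + 1;             /* e.g. ".example.org" */
    if (strchr(suffix, '*') != NULL || strchr(suffix + 1, '.') == NULL)
        return false;                        /* second "*", or too broad */
    const char *dot = strchr(host, '.');     /* end of host's first label */
    if (dot == NULL || dot == host)          /* nothing for "*" to match */
        return false;
    return ieq(dot, suffix);                 /* remainder must equal suffix */
}

/* The two independent steps from the message: warn unless both hold. */
bool must_warn_user(bool cert_trusted, const char *cn, const char *host)
{
    return !(cert_trusted && cn_matches_host(cn, host));
}
```

With these rules `*.example.org` covers `www.example.org` and `ftp.example.org`, but not `example.org` itself or `a.b.example.org`.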