- Bug
- Resolution: Fixed
- P3
- unknown
- None
- ventura
- generic
- generic

jdn points out:
We need to change the verify method to allow
for more than one host name from the server
certificate. New certs may include a "subject
alternative name" extension which can include
additional dnsName fields. The most obvious change
is to make the cert host field an array of String.
An alternative is to give up and just pass the cert
but that means the implementor of verify has to root
around in the cert looking for host names.
I believe there is an internet draft in
/home/internet/internet-drafts/*tls* which
describes the cert name matching rule for certs
with subject alt name fields.
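
An added example (not code from this bug report or from the JDK) of a verify method that takes the certificate's host names as an array of String, as the report proposes. The class and method names are hypothetical, and the matching rule assumed is the one in RFC 2818 section 3.1, restricted here to a wildcard that stands for one whole left-most label.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

// Added illustration; class and method names are hypothetical.
public class MultiNameVerifier {

    // Collect every dNSName (GeneralName type 2) from the subjectAltName extension,
    // so the implementor of verify() does not have to dig through the certificate.
    static String[] dnsNames(X509Certificate cert) throws CertificateParsingException {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (Integer.valueOf(2).equals(san.get(0))) names.add((String) san.get(1));
            }
        }
        return names.toArray(new String[0]);
    }

    // verify() with an array of certificate host names: accept if any entry matches.
    static boolean verify(String urlHost, String[] certHosts) {
        if (urlHost == null || certHosts == null) return false;
        String host = urlHost.toLowerCase(Locale.ROOT);
        for (String name : certHosts) {
            if (name != null && matches(host, name.toLowerCase(Locale.ROOT))) return true;
        }
        return false;
    }

    // Exact match, or "*.example.com" where "*" covers exactly one left-most label.
    static boolean matches(String host, String pattern) {
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        int dot = host.indexOf('.');
        // The last test rejects "*.com"-style patterns: a conservative addition of
        // this example, not something stated in the report.
        return dot > 0 && host.substring(dot).equals(pattern.substring(1))
                && pattern.indexOf('.', 2) > 0;
    }

    public static void main(String[] args) {
        String[] certHosts = { "www.example.com", "*.api.example.com" }; // constructed sample
        String[] requested = { "WWW.Example.COM", "v1.api.example.com",
                               "a.b.api.example.com", "mail.example.com" };
        for (String h : requested) System.out.println(h + " -> " + verify(h, certHosts));
    }
}
```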