Re: (ITS#5938) tls.c does not conform to RFC 4513
On Feb 10, 2009, at 8:29 AM, firstname.lastname@example.org wrote:
> email@example.com writes:
>> This is because the Cert vendors themselves don't honor the RFC's
>> issuing wildcard certs, and was added so that their broken wildcard
>> certs could still be used.
> In that case, maybe there should be a config option to turn this
> behavior on/off, and documentation which explains that it breaks the
> TLS standard and why it does so.
I think it reasonable to be liberal in what we accept in this
It's not like someone is actually going to name a host '*'. If they
do, their certificate matching more hosts than they expect will be
just one of many problems they face.
> If nothing else, it may get more people to complain to the cert
Far more persons would complain to the OpenLDAP Project.