Re: (ITS#5938) tls.c does not conform to RFC 4513




--On February 10, 2009 5:28:24 PM +0100 Hallvard B Furuseth 
<h.b.furuseth@usit.uio.no> wrote:

> quanah@zimbra.com writes:
>> This is because the Cert vendors themselves don't honor the RFCs when
>> issuing wildcard certs, and was added so that their broken wildcard
>> certs could still be used.
>
> In that case, maybe there should be a config option to turn this
> behavior on/off, and documentation which explains that it breaks TLS
> the standard and why it does so.
>
> If nothing else, it may get more people to complain to the cert vendors.

I spent something like 4 hours on the phone discussing the issue with one 
of the cert vendors.  They still didn't understand what was wrong with 
their cert, and to this day they still issue the same style of certs.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc