
Re: Bug in tlso_session_chkhost?

--On Wednesday, May 10, 2017 4:21 PM +0100 Howard Chu <hyc@symas.com> wrote:

No. One or the other must match, but the CN must be an FQDN. The point of
alternatives is to support wildcards, aliases, and non-DNS name forms
(such as IP address).

RFC reference?

Unfortunately, I can't do an IP based cert either, since I've no idea
what "localhost" will actually map to on the system.

Sorry but that makes no sense. "localhost" is Always.

Wish that were true, but I've come across installations where that wasn't the case (I've seen for example). Also, on an IPv6-only machine, it could be ::1 (although again, I've seen it be other IPv6 addresses as well).



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: