[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Bug in tlso_session_chkhost?

Quanah Gibson-Mount wrote:
> --On Wednesday, May 10, 2017 4:21 PM +0100 Howard Chu <hyc@symas.com> wrote:
>> No. One or the other must match, but the CN must be an FQDN. The point of
>> alternatives is to support wildcards, aliases, and non-DNS name forms
>> (such as IP address).
> RFC reference?

RFC 6125 which in turn mentions RFC 4513.

>> Sorry but that makes no sense. "localhost" is Always.
> Wish that were true, but I've come across installations where that wasn't the case 
> (I've seen for example).  Also, on an IPv6 only machine, it could be ::1
> (Although again, I've seen it be other IPv6 addresses as well).

AFAIK is used by some Linux distributions for a hostname != 'localhost' with
non-networked status.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature