Quanah Gibson-Mount wrote: > --On Wednesday, May 10, 2017 4:21 PM +0100 Howard Chu <email@example.com> wrote: > >> No. One or the other must match, but the CN must be an FQDN. The point of >> alternatives is to support wildcards, aliases, and non-DNS name forms >> (such as IP address). > > RFC reference? RFC 6125 which in turn mentions RFC 4513. >> Sorry but that makes no sense. "localhost" is 127.0.0.1. Always. > > Wish that were true, but I've come across installations where that wasn't the case > (I've seen 127.0.0.2 for example). Also, on an IPv6 only machine, it could be ::1 > (Although again, I've seen it be other IPv6 addresses as well). AFAIK 127.0.0.2 is used by some Linux distributions for a hostname != 'localhost' with non-networked status. Ciao, Michael.
Description: S/MIME Cryptographic Signature