[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: StartTLS with a host alias

Howard Chu writes:
> Well, there can be any number of CNs in a DN. But only the
> most-inferior RDN actually names the certificate, therefore that's the
> only one that may be used in hostname checking.

Then something (OpenSSL?) is broken.  The hostname which succeeded is in
the topmost of his RDNs which has a CN, not in the most inferior RDN.