[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] [PATCH] wildcard matching for SSL cert CN

From: Thorsten Glaser
Subject: Re: [Lynx-dev] [PATCH] wildcard matching for SSL cert CN
Date: Fri, 23 Jul 2004 05:41:18 +0000

Dixitur illum address@hidden scribere...

>Does this still test for the hash of the cert in SSL_CERT_DIR? Since this is

Yes, of course - the CN is tested in a totally different step.
If both (1) and (2) are fulfilled, then only the user is not warned.

(1) - certificate is trusted
(2) - certificate's CN matches hostname

>It might be an idea to be able to toggle accepting wildcard certs or being
>stricter on the matching of CN to hostname (if interested).

I don't think so; in addition to that, only very few wildcart
certificates exist, and I've never seen one where it's not
for service aliases (eg. the * matches www,ftp,snews).

>On Wed, 21 Jul 2004, Thorsten Glaser wrote:

Please don't top-post and full-quote, it wastes everyone's
traffic. Read (it
has got links to an English translation).

Currently blocking eMail from the following domains:, biz,,,, info,,, name,,,,,,,,,,,,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]