Message117970
> I think it looks good except for the wildcard checking. According to
> the latest draft of that TLS id-checking RFC, you aren't supposed to
> allow the wildcard as part of a fragment. Of course this contradicts
> RFC 2818.
Well, since it is then an "error" (according to the id-checking draft)
in the certificate itself rather than the hostname we are trying to
match, it seems there would be no real issue in accepting the match
anyway. It's up to CAs to make sure that certificates conform to
whatever standard is currently in effect.
I'm also assuming RFC 2818 is in wider use than the id-checking draft;
am I wrong? |
|
Date |
User |
Action |
Args |
2010-10-04 17:19:59 | pitrou | set | recipients:
+ pitrou, zooko, janssen, orsenthil, giampaolo.rodola, vila, heikki, ahasenack, kiilerix, debatem1, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker |
2010-10-04 17:19:57 | pitrou | link | issue1589 messages |
2010-10-04 17:19:57 | pitrou | create | |
|