[Issues] [mod_gnutls 0000035]: SubjectAltName not supported for Server Names

issues at outoforder.cc issues at outoforder.cc
Thu May 19 19:06:15 EST 2005


A NOTE has been added to this issue.
======================================================================
<http://issues.outoforder.cc/view.php?id=35> 
======================================================================
Reported By:                chip
Assigned To:                
======================================================================
Project:                    mod_gnutls
Issue ID:                   35
Category:                   SSL/TLS Standards Issue
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     new
Apache Version:             unspecified
======================================================================
Date Submitted:             05-19-2005 10:17 EST
Last Modified:              05-19-2005 19:06 EST
======================================================================
Summary:                    SubjectAltName not supported for Server Names
Description: 
Currently, only the common name is checked to match when searching for a
certificate.  The SubjectAltName should also be checked for matches.  This
is required as part of RFC 2818.
======================================================================

----------------------------------------------------------------------
 urkle - 05-19-05 19:06 
----------------------------------------------------------------------
And the standard mod_ssl doesn't check the altsubjectname DNS records
either.  And if you do have the altsubjectname set in your Cert, Firefox
will ONLY use that and ignore common name..  (I was creating web certs
today)

Is there a bug on issues.apache.org in reference to mod_ssl?? (only 2.0.50
tested however)

Issue History
Date Modified  Username       Field                    Change              
======================================================================
05-19-05 10:17 chip           New Issue                                    
05-19-05 10:17 chip           Apache Version            => unspecified     
05-19-05 19:06 urkle          Note Added: 0000042                          
======================================================================




More information about the Issues mailing list