[Issues] [mod_gnutls 0000035]: SubjectAltName not supported for Server Names

issues at outoforder.cc issues at outoforder.cc
Sat Dec 1 08:37:07 EST 2007 

The following issue has been RESOLVED. 
====================================================================== 
http://issues.outoforder.cc/view.php?id=35 
====================================================================== 
Reported By:                chip
Assigned To:                nmav
====================================================================== 
Project:                    mod_gnutls
Issue ID:                   35
Category:                   SSL/TLS Standards Issue
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     resolved
Apache Version:             unspecified 
Resolution:                 fixed
Fixed in Version:           -TRUNK
====================================================================== 
Date Submitted:             05-19-2005 10:17 EST
Last Modified:              12-01-2007 08:37 EST
====================================================================== 
Summary:                    SubjectAltName not supported for Server Names
Description: 
Currently, only the common name is checked to match when searching for a
certificate.  The SubjectAltName should also be checked for matches.  This
is required as part of RFC 2818.
====================================================================== 

---------------------------------------------------------------------- 
 urkle - 05-19-05 19:06  
---------------------------------------------------------------------- 
And the standard mod_ssl doesn't check the altsubjectname DNS records
either.  And if you do have the altsubjectname set in your Cert, Firefox
will ONLY use that and ignore common name..  (I was creating web certs
today)

Is there a bug on issues.apache.org in reference to mod_ssl?? (only 2.0.50
tested however) 

---------------------------------------------------------------------- 
 Nelson B - 03-28-06 04:23  
---------------------------------------------------------------------- 
> If you do have the altsubjectname set in your Cert, 
> Firefox will ONLY use that and ignore common name..

RFC 2818 requires that (as much as it requires anything, given that
it is merely an informational RFC and doesn't specify a standard). 

---------------------------------------------------------------------- 
 nmav - 12-01-07 08:37  
---------------------------------------------------------------------- 
Resolved in the svn repository. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
05-19-05 10:17  chip           New Issue                                    
05-19-05 10:17  chip           Apache Version            => unspecified     
05-19-05 19:06  urkle          Note Added: 0000042                          
03-28-06 04:23  Nelson B       Note Added: 0000065                          
12-01-07 08:37  nmav           Status                   new => resolved     
12-01-07 08:37  nmav           Fixed in Version          => -TRUNK          
12-01-07 08:37  nmav           Resolution               open => fixed       
12-01-07 08:37  nmav           Assigned To               => nmav            
12-01-07 08:37  nmav           Note Added: 0000099                          
======================================================================

More information about the Issues mailing list