Olaf van der Spek wrote:
> On 10/15/05, Peter Palfrader <[EMAIL PROTECTED]> wrote:
>>We can't know all the names that people will use to refer to your
>>server, so this is one of the cases where you have to do stuff manually
>>anyway.
> AFAIK there's an extension to HTTP to allow multiple TLS vhosts on one
> host:port. In that case, there's no need to manually ask for the
> common name for the certificate.
> I hope the same is done for TLS in general but if not, at least
> individual protocols should support this.

No. This may work with STARTTLS-type protocols where protocol data is
exchanged before the TLS handshake, but not https.
However, there is a certificate spec extension allowing multiple
vhosts. I've had some success with that, but they've been a pain to
create and I have doubts about how widely this is supported in clients.

IMHO, Peter's suggestion is an appropriate solution to the actual
problem with packaging which is providing a sane default.

Kind regards

T.
--
Thomas Viehmann, http://thomas.viehmann.net/
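
An added example, not part of the original message: creating a self-signed certificate that lists several vhost names, on the assumption that the certificate extension mentioned above is X.509 subjectAltName. The function names and hostnames are hypothetical, and the `openssl` command-line tool is assumed to be installed.

```shell
# Added example: one certificate covering several vhost names.
# Assumption: the "certificate spec extension" is subjectAltName.

# make_san_cert OUTDIR NAME [NAME...]
# The first NAME becomes the CN; every NAME is added as a dNSName entry.
make_san_cert() {
    outdir=$1; shift
    cn=$1
    cfg="$outdir/san.cnf"
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ext
prompt = no

[dn]
CN = $cn

[v3_ext]
subjectAltName = @alt_names

[alt_names]
EOF
    i=1
    for name in "$@"; do
        echo "DNS.$i = $name" >> "$cfg"
        i=$((i + 1))
    done
    # Self-signed, unencrypted key, short lifetime: a packaging default,
    # meant to be replaced by the administrator later.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -config "$cfg" -keyout "$outdir/key.pem" -out "$outdir/cert.pem" \
        2>/dev/null
    chmod 600 "$outdir/key.pem"
}

# cert_matches CERT HOSTNAME
# Succeeds only if OpenSSL's own hostname check accepts HOSTNAME for CERT.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}
```

Calling `make_san_cert /tmp/demo www.example.org mail.example.org` writes `cert.pem` and `key.pem` into an existing directory; `cert_matches` then shows which names a client using OpenSSL's hostname check would accept.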