On 10/15/05, Thomas Viehmann <[EMAIL PROTECTED]> wrote:
> Olaf van der Spek wrote:
> > On 10/15/05, Peter Palfrader <[EMAIL PROTECTED]> wrote:
> >> We can't know all the names that people will use to refer to your
> >> server, so this is one of the cases where you have to do stuff manually
> >> anyway.
> >
> > AFAIK there's an extension to HTTP to allow multiple TLS vhosts on one
> > host:port. In that case, there's no need to manually ask for the
> > common name for the certificate.
> > I hope the same is done for TLS in general but if not, at least
> > individual protocols should support this.
>
> No. This may work with STARTTLS-type protocols where protocol data is
> exchanged before the TLS handshake, but not https. However, there is a

Isn't that exactly what the HTTP extension is about?

> certificate spec extension allowing multiple vhosts. I've had some
> success with that, but they've been a pain to create and I have doubts
> about how widely this is supported in clients.
>
> IMHO, Peter's suggestion is an appropriate solution to the actual
> problem with packaging which is providing a sane default.
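As an added, hypothetical example that is not part of this thread or of any of the posters' code: the TLS extension under discussion is Server Name Indication (RFC 3546, later RFC 6066). It carries the requested host name inside the ClientHello, so the server learns which name the client wants before it has to choose a certificate, without any protocol data being exchanged first. The script below builds a minimal ClientHello with one SNI entry, parses the name back out, and uses it to pick among a constructed table of virtual hosts whose certificates each list several subjectAltName dNSName entries (the "certificate spec extension" mentioned above). The vhost table, host names, cipher suite and the fallback default are assumptions for illustration only; a real server would hand the parsing to its TLS library.

```python
"""Hypothetical SNI-based vhost selection (example added to the thread, not
from any poster). Builds and parses a TLS ClientHello carrying the
server_name extension (RFC 6066, extension type 0)."""
import struct

SNI_EXTENSION_TYPE = 0   # server_name
HOST_NAME_TYPE = 0       # NameType.host_name

# Constructed vhost table: each key stands for one certificate and the value
# lists the dNSName subjectAltName entries that certificate carries.
VHOSTS = {
    "example.org": ["example.org", "www.example.org"],
    "lists.example.org": ["lists.example.org", "*.lists.example.org"],
}
DEFAULT_VHOST = "example.org"   # assumed "sane default" used when no SNI is sent


def build_client_hello(server_name=None):
    """Minimal TLS 1.2 ClientHello record; pass None to omit extensions
    entirely (an older client that sends no SNI)."""
    body = (
        b"\x03\x03"             # client_version TLS 1.2
        + b"\x00" * 32          # random (constructed zeros)
        + b"\x00"               # session_id length 0
        + b"\x00\x02\xc0\x2f"   # one cipher suite (placeholder choice)
        + b"\x01\x00"           # compression_methods: null only
    )
    if server_name is not None:
        host = server_name.encode("idna")
        entry = struct.pack("!BH", HOST_NAME_TYPE, len(host)) + host
        name_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", SNI_EXTENSION_TYPE, len(name_list)) + name_list
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type + uint24 length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the host_name from the SNI extension, or None if the
    ClientHello carries no extensions / no server_name."""
    try:
        if record[0] != 0x16:
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:
            raise ValueError("not a ClientHello")
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                   # client_version + random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        if pos >= len(body):
            return None                                # no extensions block
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_size = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + ext_size]
            pos += ext_size
            if ext_type != SNI_EXTENSION_TYPE:
                continue
            list_len = struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                name_type, name_len = struct.unpack("!BH", data[p:p + 3])
                p += 3
                name = data[p:p + name_len]
                p += name_len
                if name_type == HOST_NAME_TYPE:
                    return name.decode("ascii")
        return None
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello")


def hostname_matches(pattern, host):
    """Exact match, or a single leading '*.' wildcard covering one label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]                           # ".lists.example.org"
        label = host[:-len(suffix)] if host.endswith(suffix) else ""
        return bool(label) and "." not in label
    return False


def select_vhost(record):
    """Pick the vhost whose certificate covers the SNI name; fall back to
    the default when the client sent no SNI or an unknown name."""
    name = extract_sni(record)
    if name is None:
        return DEFAULT_VHOST
    for vhost, san_names in VHOSTS.items():
        if any(hostname_matches(p, name) for p in san_names):
            return vhost
    return DEFAULT_VHOST
```

The fallback branch is the case the packaging discussion is really about: a client with no SNI support gives the server nothing to select on, so whatever certificate the package installed by default is the one it will see.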