Perhaps on your home planet this is indeed true, but here on Earth there can be multiple CN's in the subject field of a valid X509 certificate. Check out section 3.1 of RFC2818 for an how to match against these for HTTP over TLS.
Maybe you are confusing DN's with CN's. Phone home to find out :) ====================== Greg Stark [EMAIL PROTECTED] ====================== ----- Original Message ----- From: "Michael Sierchio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 05, 2001 7:59 PM Subject: Re: your mail > Gregory Stark wrote: > > > > A certificate can have multiple common names; many applications support > > this. You need to be comfortable using the openssl configuration file > > syntax; here is a short snippet of one showing multiple common names: > > What kind of certificate are you referring to? An X.509 cert? On my home > planet we only permit one CN in a valid cert. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
