On Mon, Nov 29, 2004, Manfred Faulandt wrote: > > Many thanks for the very competent answer. We noticed the UTF8 encoding > but thought about it as a "why not?" matter (and we didn't look into a > RFC neither). > > The CA is a Microsoft Shop and Internet Explorer is happy with the > certificates they issue. I'll check their site again for somthing like a > "name rollover" certificate but as far as I remember they offer nothing > - at least not yet - in this direction. >
It looks like it doesn't support a "name rollover" certificate. IE works because it uses key ID matching as I suspected earlier. I think the only real solution is to have OpenSSLs name comparison code at least partially handle comparisons between character types. I've been looking for a good excuse to look at that code for a while. What we currently have isn't very efficient and it doesn't cope with all cases either. I may be gone for some time... Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
