Victor Duchovni wrote:
> The usual interpretation seems to be not an alternative in the sense
> of "one more of the same", but rather "one more and possibly better
> *representation* of the same".
>
> The subject name in the certificate is an X.500 DN. What Internet
> applications that want to authenticate a connection to a given host are
> trying to verify is a DNS name. The convention for overloading CommonName
> in X.500 DNs as candidate DNS names is a transitional hack. When DNS
> names are present in the SubjectAlternativeName extension, these (with RFC
> blessing) are taken to represent *ALL* the valid DNS names of the subject.
>
> I don't have an RFC reference for such an interpretation. Anyone have
> a handy reference?

RFC 3280, Section 4.2.1.7.

Thanks,

- vijay
--
Vijay K. Gurbani  [EMAIL PROTECTED],research.bell-labs.com,acm.org}
Bell Laboratories, Lucent Technologies, Inc.
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
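
The name-selection rule discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: when the certificate carries dNSName entries in subjectAltName they are the complete set of acceptable names and the CommonName is ignored, and the CommonName is consulted only when no dNSName is present. The certificate dictionaries follow the layout returned by Python's ssl.SSLSocket.getpeercert(); the function names and all sample host names are constructed for illustration, and wildcard matching is left out.

```python
# Added illustration. Certificate dicts use the getpeercert() layout;
# every host name and address below is a constructed sample value.

def dns_sans(cert):
    """Return the dNSName entries of the subjectAltName extension."""
    return [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]

def common_names(cert):
    """Return every commonName attribute found in the subject DN."""
    return [v for rdn in cert.get("subject", ()) for (attr, v) in rdn
            if attr == "commonName"]

def reference_names(cert):
    """Names the peer may be authenticated as.

    Any dNSName present makes the SAN list authoritative and the CN is
    not consulted; the CN is only a fallback when no dNSName exists.
    """
    sans = dns_sans(cert)
    return sans if sans else common_names(cert)

def host_matches(cert, hostname):
    """Case-insensitive exact match; wildcards are deliberately not handled."""
    wanted = hostname.rstrip(".").lower()
    return any(n.rstrip(".").lower() == wanted for n in reference_names(cert))

# CN and SAN disagree: only the SAN names may be accepted.
CERT_WITH_SAN = {
    "subject": ((("commonName", "legacy.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "mail.example.com")),
}
# No SAN extension at all: the transitional CN convention applies.
CERT_CN_ONLY = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "legacy.example.com"),)),
}
# SAN present but without any dNSName: CN fallback still applies.
CERT_SAN_NO_DNS = {
    "subject": ((("commonName", "legacy.example.com"),),),
    "subjectAltName": (("IP Address", "192.0.2.10"),),
}

if __name__ == "__main__":
    for host in ("www.example.com", "legacy.example.com"):
        print(host, host_matches(CERT_WITH_SAN, host))
```

A client that accepts legacy.example.com for the first certificate is treating the CN as one more valid name, which is the misreading the thread corrects.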
