Fastream Technologies wrote: > Arno, > On Mon, Aug 1, 2011 at 17:56, Arno Garrels <arno.garr...@gmx.de> > wrote: > >> Fastream Technologies wrote: >>>> What is the problem? Please be more specific. >>>> >>> >>> Honestly I am not yet sure. It is just one customer says "he could >>> not get SAN SSL cert to work". I told him to alter Accepted Hosts >>> and use the wildcard SNI domain. I asked here to learn if it is >>> supported or not. If it is not, I need to know to announce. If you >>> know a way to get it working, let me know. >> >> As far as I know there is no problem. >> OpenSSL doesn't use these certificate fields for verification, >> only TX509Base.PostConnectionCheck() and it has to be called >> explicitly. This method searchs for the passed string in fields >> subject alternative name and common name. >> >> >> > > So would the additional domains work with ICS or not? If not, what to > do? I notice our customers are getting more and more high end every > day and this is making them harder to support.
As I said, I do not see any reason why ICS/OpenSSL should not handle them correctly. If you think you found a bug please provide a simple, reproducible test case. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
