[openssl-dev] [openssl.org #3502] nameConstraints bypass bug
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Tue May 31 13:54:59 UTC 2016
>> What other implementations, and what did they do? Always treating a CN as a
>> DNS name? We can't.
>
> As one example, mozilla::pkix treats the CN as a dNSName/iPAddress iff there
> is no subjectAltName extension and iff the CN is a valid dNSName/iPAddress
> syntactically.
That approach seems wrong.
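
The rule described in the quoted text above, written out as an added example; it is not part of the original message and is not code from mozilla::pkix or OpenSSL. The function names, the simplified hostname syntax check, the handling of permitted subtrees only, and the sample values are all assumptions made for illustration.

```python
import ipaddress
import re

# Simplified hostname label syntax (assumption: real validators are stricter).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_cn(cn, has_san):
    """Return ("ip", addr), ("dns", name) or None if the CN is not a name."""
    if has_san:
        return None  # a subjectAltName exists, so the CN is never consulted
    try:
        return ("ip", ipaddress.ip_address(cn))
    except ValueError:
        pass
    if len(cn) <= 253 and all(_LABEL.match(part) for part in cn.split(".")):
        return ("dns", cn.lower())
    return None  # free-form text such as an organisation name


def dns_within(name, subtree):
    """dNSName constraint: equal to the subtree or labels added on the left."""
    subtree = subtree.lower()
    return name == subtree or name.endswith("." + subtree)


def cn_permitted(cn, has_san, dns_subtrees, ip_subtrees):
    """Apply permitted subtrees to the CN when the rule treats it as a name."""
    kind = classify_cn(cn, has_san)
    if kind is None:
        return True  # nothing to constrain via the CN
    if kind[0] == "dns":
        return not dns_subtrees or any(dns_within(kind[1], s) for s in dns_subtrees)
    return not ip_subtrees or any(
        kind[1] in ipaddress.ip_network(n) for n in ip_subtrees)


# Constructed sample inputs (not taken from the thread).
DNS_OK, IP_OK = ["example.com"], ["192.0.2.0/24"]
SAMPLES = [("www.example.com", False), ("www.other.test", False),
           ("Example Corp Signing", False), ("www.other.test", True),
           ("192.0.2.7", False), ("198.51.100.1", False)]

if __name__ == "__main__":
    for cn, has_san in SAMPLES:
        print(cn, has_san, cn_permitted(cn, has_san, DNS_OK, IP_OK))
```

The second sample is the case the ticket title is about: a certificate with no subjectAltName and a hostname-shaped CN outside the permitted subtree is only rejected if the constraint check looks at the CN at all.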