[openssl-dev] [openssl.org #3502] nameConstraints bypass bug
Blumenthal, Uri - 0553 - MITLL via RT
rt at openssl.org
Tue May 31 13:55:12 UTC 2016
>> What other implementations, and what did they do? Always treating a CN as a
>> DNS name? We can't.
>
> As one example, mozilla::pkix treats the CN as a dNSName/iPAddress iif there
> is no subjectAltName extension and iif the CN is a valid dNSNa/iPAddress
> syntactically.
That approach seems wrong.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3502
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160531/d6b8f5db/attachment-0001.bin>
More information about the openssl-dev
mailing list