[openssl-dev] [openssl.org #3502] nameConstraints bypass bug
Viktor Dukhovni
openssl-users at dukhovni.org
Tue May 31 14:20:56 UTC 2016
> On May 31, 2016, at 9:54 AM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
>
>> As one example, mozilla::pkix treats the CN as a dNSName/iPAddress iif there is no subjectAltName extension and iif the CN is a valid dNSNa/iPAddress syntactically.
>
> That approach seems wrong.
Could you explain your point in more detail than putting "wrong"
in bold text? Though ad-hoc, it seems about the best one can do,
absent additional information.
--
Viktor.
More information about the openssl-dev
mailing list