[ipxe-devel] Proposed patch: support for SSL subjectAlternativeName certificates, two other useful features

Michael Brown mcb30 at ipxe.org
Mon Mar 31 13:17:19 UTC 2014

On 25/11/13 19:12, Alex Chernyakhovsky wrote:
> Are there any other comments or concerns with this patchset? I'd love to
> see it merged.

The subjectAltName and wildcard certificate feature is now pushed:


I'm unsure how subjectAltName is intended to be used with CMS (code 
signing).  The current code will accept either the commonName or any 
dNSName-typed subjectAltName as a match for a certificate name, for both 
TLS and CMS.  It seems plausible that CMS might expect to match on 
e-mail addresses (rfc822Name) rather than DNS names (dNSName), but I 
can't find any definitive documentation on this.  Any input welcome.



More information about the ipxe-devel mailing list