[ipxe-devel] Proposed patch: support for SSL subjectAlternativeName certificates, two other useful features
Michael Brown
mcb30 at ipxe.org
Mon Mar 31 13:17:19 UTC 2014
On 25/11/13 19:12, Alex Chernyakhovsky wrote:
> Are there any other comments or concerns with this patchset? I'd love to
> see it merged.

The subjectAltName and wildcard certificate feature is now pushed:

http://git.ipxe.org/ipxe.git/commitdiff/f10726c

I'm unsure how subjectAltName is intended to be used with CMS (code
signing). The current code will accept either the commonName or any
dNSName-typed subjectAltName as a match for a certificate name, for both
TLS and CMS. It seems plausible that CMS might expect to match on
e-mail addresses (rfc822Name) rather than DNS names (dNSName), but I
can't find any definitive documentation on this. Any input welcome.

Thanks!
Michael