[ipxe-devel] Proposed patch: support for SSL subjectAlternativeName certificates, two other useful features

Jarrod Johnson jarrod.b.johnson at gmail.com
Mon Mar 31 21:08:23 UTC 2014

What about iPAddress fields (see my patch earlier in thread)?

On Mon, Mar 31, 2014 at 9:17 AM, Michael Brown <mcb30 at ipxe.org> wrote:

> On 25/11/13 19:12, Alex Chernyakhovsky wrote:
>> Are there any other comments or concerns with this patchset? I'd love to
>> see it merged.
> The subjectAltName and wildcard certificate feature is now pushed:
>   http://git.ipxe.org/ipxe.git/commitdiff/f10726c
> I'm unsure how subjectAltName is intended to be used with CMS (code
> signing).  The current code will accept either the commonName or any
> dNSName-typed subjectAltName as a match for a certificate name, for both
> TLS and CMS.  It seems plausible that CMS might expect to match on e-mail
> addresses (rfc822Name) rather than DNS names (dNSName), but I can't find
> any definitive documentation on this.  Any input welcome.
> Thanks!
> Michael
> _______________________________________________
> ipxe-devel mailing list
> ipxe-devel at lists.ipxe.org
> https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20140331/ebdec4b6/attachment.htm>

More information about the ipxe-devel mailing list