[ipxe-devel] Proposed patch: support for SSL subjectAlternativeName certificates, two other useful features
Jarrod Johnson
jarrod.b.johnson at gmail.com
Mon Mar 31 21:08:23 UTC 2014
What about iPAddress fields (see my patch earlier in thread)?
On Mon, Mar 31, 2014 at 9:17 AM, Michael Brown <mcb30 at ipxe.org> wrote:
> On 25/11/13 19:12, Alex Chernyakhovsky wrote:
>
>> Are there any other comments or concerns with this patchset? I'd love to
>> see it merged.
>>
>
> The subjectAltName and wildcard certificate feature is now pushed:
>
> http://git.ipxe.org/ipxe.git/commitdiff/f10726c
>
> I'm unsure how subjectAltName is intended to be used with CMS (code
> signing). The current code will accept either the commonName or any
> dNSName-typed subjectAltName as a match for a certificate name, for both
> TLS and CMS. It seems plausible that CMS might expect to match on e-mail
> addresses (rfc822Name) rather than DNS names (dNSName), but I can't find
> any definitive documentation on this. Any input welcome.
>
> Thanks!
>
> Michael
>
> _______________________________________________
> ipxe-devel mailing list
> ipxe-devel at lists.ipxe.org
> https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20140331/ebdec4b6/attachment.htm>
More information about the ipxe-devel
mailing list