On Tue, 2010-06-01 at 11:39 -0700, Henry B. Hotz wrote: > >> While there have been few implementations checking for multiple > >> CN= parts, the guideline in rfc-2818 for subjectAltNames seems > >> to be much clearer, that there can be more than one, and more > >> than one needs to be checked. > > > > ..and multiple CNs are likely to be an error. I'd better reject this > > certificate as invalid. > > He says there are "few" implementations that accept what you consider > an error. Possibly there are zero, but I hope it's few enough we can > ignore them. (Life's complex enough as it is.)
For some test results for implementation support for multiple CNs (possibly outdated by now), see: http://wiki.cacert.org/VhostTaskForce#Interoperability_Test -- Matt _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
