How is the /CN= supposed to be encoded for a host/domain-name using international characters? In some specified charset (utf8?) or in the ASCII Compatible Encoded form?
I ask since in an application here (using libidn), I get the subject with X509_get_subject_name() and check the CN (or wildcard mask) against the host I connect to. If they don't match, that's an error. E.g. if I connect to www.tromsø.no, it's registered in DNS as www.xn--troms-zua.no. Should the CN be the same also? Is it an error to match the CN against www.tromsø.no too? Guessing being liberal is okay...

BTW, is there any function in OpenSSL that can match e.g. "x*.foo.com" against "xxx.foo.com"?

IDNA = Internationalizing Domain Names in Applications, RFC-3490.

--gv
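The comparison asked about above, as an added example that is not part of the original post and is not OpenSSL or libidn code. It assumes both the certificate name and the host are normalized to ACE form before comparing, and that a wildcard is honoured only in the left-most label; `to_ace`, `match_label` and `match_hostname` are hypothetical names, and the conversion uses Python's built-in `idna` codec (IDNA 2003, RFC 3490).

```python
# Added example: match a certificate CN (or wildcard mask) against a host name
# after converting both to ASCII Compatible Encoding (ACE). Helper names are
# hypothetical; the wildcard policy below is an assumption of this example.

def to_ace(name: str) -> str:
    """Lower-case a DNS name and convert every label to ACE (RFC 3490)."""
    name = name.lower().rstrip(".")
    if not name:
        raise ValueError("empty name")
    # The stdlib codec leaves ASCII labels (including '*') untouched and
    # raises UnicodeError for empty or over-long labels.
    return name.encode("idna").decode("ascii")


def match_label(pattern: str, label: str) -> bool:
    """Match one label; a single '*' stands for one or more characters."""
    if "*" not in pattern:
        return pattern == label
    # Refuse multiple wildcards and wildcards mixed with ACE labels, where a
    # partial match on the encoded form would be meaningless.
    if pattern.count("*") != 1:
        return False
    if pattern.startswith("xn--") or label.startswith("xn--"):
        return False
    prefix, suffix = pattern.split("*")
    return (len(label) > len(prefix) + len(suffix)
            and label.startswith(prefix) and label.endswith(suffix))


def match_hostname(cert_name: str, host: str) -> bool:
    """True if cert_name (exact or wildcard mask) covers host."""
    try:
        pattern = to_ace(cert_name).split(".")
        target = to_ace(host).split(".")
    except ValueError:  # UnicodeError is a subclass of ValueError
        return False
    # The wildcard never spans a dot, so the label counts must agree, and
    # every label after the first must match exactly.
    if len(pattern) != len(target) or pattern[1:] != target[1:]:
        return False
    if any("*" in p for p in pattern[1:]):
        return False
    return match_label(pattern[0], target[0])


if __name__ == "__main__":
    # Constructed sample names taken from the question above.
    print(match_hostname("www.xn--troms-zua.no", "www.tromsø.no"))
    print(match_hostname("x*.foo.com", "xxx.foo.com"))
```

Because both sides go through `to_ace`, a name matches whether the certificate or the caller supplies the Unicode form or the `xn--` form.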