On Tue, Sep 17, 2013 at 10:28 PM, Jeffrey Walton wrote:
> ...
> If your clients are RFC 5280 compliant (such as a web browser), then
> here are the guides:
>
> Baseline: https://www.cabforum.org/Baseline_Requirements_V1_1_6.pdf
> Extended Validation: https://www.cabforum.org/Guidelines_v1_4_3.pdf
On Tue, Sep 17, 2013 at 7:02 PM, Matt Carey wrote:
> I'm having an issue doing sslbumping with what seems to be isolated to CNAMEs
> where the certificate that is getting sent by squid (currently 3.3.9) back to
> the client has the CN field set to an IP address rather then a legit subject
> in
I'm having an issue doing sslbumping with what seems to be isolated to CNAMEs
where the certificate that is getting sent by squid (currently 3.3.9) back to
the client has the CN field set to an IP address rather then a legit subject in
the x509 certificate. An example of this behavior as seen by
