
curl-library

Re: subjectAltName does not match - Wrong test?!

From: Sven Anders <anders_at_anduras.de>
Date: Tue, 15 Sep 2009 11:04:31 +0200

Daniel Stenberg wrote:
> On Tue, 15 Sep 2009, Peter Sylvester wrote:
>
>>> Issuer: CN=www.anduras.de
>>> X509v3 Subject Alternative Name:
>>> email:yyy_at_anduras.de
>> can you send your certificate, the above extract looks somewhat strange.
These are only the relevant parts of the Cert. But yes, I only have an
additional E-Mail address in the "Subject Alternative Name" section.
> To me that looks like a CN that matches and a subjectAltName that
> doesn't match, which then by the specs should be considered not a
> match. (Which is a bug fix we made for 7.19.6 so the previous versions
> did wrong.)
>
> Or am I wrong? That subjectAltName field with an email address looks
> funny to me.
Yes and No. A DNS or IP entry should match, but I can have other
entries (like email, RID, URI, otherName,...) too.
These should not be considered when trying to match.

Regards
 Sven Anders

-- 
 Sven Anders <anders_at_anduras.de>                 () Ascii Ribbon Campaign
                                                 /\ Support plain text e-mail
 ANDURAS service solutions AG
 Innstraße 71 - 94036 Passau - Germany
 Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55
Legal form: stock corporation (Aktiengesellschaft) - Registered office: Passau - Passau District Court HRB 6032
Members of the executive board: Sven Anders, Marcus Junker
Chairman of the supervisory board: Mark Peters

Received on 2009-09-15
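
The matching rule argued in this message, as an added example that is not part of the original mail and is not curl's code: only DNS and IP subjectAltName entries count as host identities, and the CN is consulted only when no such entry exists. The types, the `host_matches` name and the sample values are hypothetical; names are compared exactly (case-insensitive, no wildcards) and IP addresses as strings.

```c
#include <stddef.h>
#include <strings.h>

/* Constructed model of parsed certificate names; not curl's or OpenSSL's types. */
enum san_type { SAN_DNS, SAN_IP, SAN_EMAIL, SAN_URI, SAN_RID, SAN_OTHER };
struct san_entry { enum san_type type; const char *value; };
struct cert_names {
  const char *common_name;      /* subject CN, may be NULL */
  const struct san_entry *san;  /* subjectAltName entries */
  size_t san_count;
};

/* Constructed sample: a CN plus an email-only subjectAltName, as in the thread. */
static const struct san_entry sample_san[] = { { SAN_EMAIL, "admin@example.com" } };
static const struct cert_names sample_cert = { "www.example.com", sample_san, 1 };

/* Returns 1 if host is acceptable for the certificate names, 0 otherwise. */
int host_matches(const struct cert_names *c, const char *host, int host_is_ip)
{
  enum san_type want = host_is_ip ? SAN_IP : SAN_DNS;
  int identity_seen = 0;   /* set once any DNS or IP entry is present */
  size_t i;

  for(i = 0; i < c->san_count; i++) {
    enum san_type t = c->san[i].type;
    if(t != SAN_DNS && t != SAN_IP)
      continue;            /* email, URI, RID, otherName: not host identities */
    identity_seen = 1;
    if(t == want && strcasecmp(c->san[i].value, host) == 0)
      return 1;
  }
  /* DNS/IP entries existed but none matched: the CN must not rescue the match. */
  if(identity_seen)
    return 0;
  /* Only non-identity entries (or none): fall back to the CN for DNS names. */
  return c->common_name != NULL && !host_is_ip &&
         strcasecmp(c->common_name, host) == 0;
}

int main(void)
{
  /* exit status 0 when the email-only sample still matches its CN */
  return host_matches(&sample_cert, "www.example.com", 0) ? 0 : 1;
}
```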