Bug 9309, if a subjectAltName extension of type dNSName is present in peer certificate,

use only the dNSNames when checking peer certificate hostname, as specified by RFC 2818. If no dNSNames are present, use subject commonName. git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@534 2715db39-9adf-0310-9c64-84f055769b4b
author: Heikki Toivonen <heikki@heikkitoivonen.net> 2007-06-08 07:48:15 +0000
committer: Heikki Toivonen <heikki@heikkitoivonen.net> 2007-06-08 07:48:15 +0000
commit: f48299945df5a0ff9ff7b9b20adbbd0aa26cf12d (patch)
tree: 8d62cf88d53beae35dcfc53a5e1f3e9c50e1d4df /CHANGES
parent: f5cd5e0b037b591b11eb3afd167c8fbc362c4935 (diff)
download: m2crypto-f48299945df5a0ff9ff7b9b20adbbd0aa26cf12d.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index c81b8c0..4f93f10 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,9 @@
   means that certain things that used to fail silently will now raise an
   exception; affected m2 functions are: digest_final, cipher_init,
   cipher_update, cipher_final and sign_update
+- If a subjectAltName extension of type dNSName is present in peer certificate,
+  use only the dNSNames when checking peer certificate hostname, as specified
+  by RFC 2818. If no dNSNames are present, use subject commonName.
 - Fixed threading regressions introduced in 0.16,
   by Aaron Reizes and Keith Jackson
 - m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac
author	Heikki Toivonen <heikki@heikkitoivonen.net>	2007-06-08 07:48:15 +0000
committer	Heikki Toivonen <heikki@heikkitoivonen.net>	2007-06-08 07:48:15 +0000
commit	f48299945df5a0ff9ff7b9b20adbbd0aa26cf12d (patch)
tree	8d62cf88d53beae35dcfc53a5e1f3e9c50e1d4df /CHANGES
parent	f5cd5e0b037b591b11eb3afd167c8fbc362c4935 (diff)
download	m2crypto-f48299945df5a0ff9ff7b9b20adbbd0aa26cf12d.tar.gz