Fun new test site by way of @lgarron and @rob_comodo - https://no-subject.badssl.com/
Tests subtle behaviour from Section 4.1.2.6 of RFC 5280
-
-
it does on macOS before 10.11. Worked iff critical, now fails regardless
-
IIUC, that's a regression? In any case, I mean "is it ever worth having code that checks that SAN is marked critical in this case?"
-
Yeah, macOS regressed. As to checks on client side, you know 5280 disavows them (... despite us all doing them to stop stupidity)
-
SAN being critical is an attempt to guarantee every cert has a subject or is rejected. More an ecosystem health thingo