@bascule Hmm, I am pretty sure OpenSSL does check name constraints. I recall it failing a certificate chain once.
-
-
-
@ivanristic@bascule The article is wrong. Added in 0.9.8. The "issue" is that CNs do NOT follow dNSName constraints. Never specced as such -
@ivanristic@bascule NSS does now (but was bugged), and CryptoAPI does. OS X doesn't do NC at all. This is why CNs are awful. -
@ivanristic@bascule Note the Baselines require that SAN always be present, which disables the CN fallback. Also https://code.google.com/p/chromium/issues/detail?id=308330 …
End of conversation
New conversation -
-
-
.
@bascule Ignoring#X509 constraints is an#OpenSSL problem right? There is this other OS called Windows: http://blogs.technet.com/b/pki/archive/2014/03/05/constraints-what-they-are-and-how-they-re-used-1.aspx …#PKIfailsThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.