[Psi-Devel] wildcard certificate matching
Maciek Niedzielski
machekku at uaznia.net
Tue Mar 4 10:26:44 PST 2008
Justin Karneges pisze:
> On Tuesday 04 March 2008 6:28 am, Jesse Thompson wrote:
>> Given the following wildcard certificate:
>>
>> Common name: domain.tld, *.domain.tld
>> Domain name: *.domain.tld, domain.tld
>> XMPP name: domain.tld
>>
>> Should the certificate match all of the following JID domains?
>>
>> domain.tld
>> foo.domain.tld
>> bar.domain.tld
>>
>> Psi doesn't allow sub.domain.tld. So my question is whether this is a
>> bug with Psi, or if the certificate isn't being issued correctly (the
>> XMPP ICA in this case.)
>
> Hmm, it could be a Psi bug. Can you share the actual certificate?
I think that if there is XMPP name, it must match (in Psi) - other
fields are not checked. But I am not saying that this is the correct
behavior. There was a talk about this on Standards last week.
--
Maciek
xmpp:machekku at uaznia.net
More information about the Psi-Devel
mailing list