[openstack-dev] [OSSG] SSL Review (Clark, Robert Graham)

Kevin L. Mitchell kevin.mitchell at rackspace.com
Tue Oct 30 15:56:02 UTC 2012


On Tue, 2012-10-30 at 15:43 +0000, Clark, Robert Graham wrote:
> In this context yes, when I (or my esteemed colleague Stuart) mention
> CNAME we actually mean the x509 Common Name otherwise referred to as
> CN.
> 
> You make a good point around subjectAlternativeNames, whenever a
> certificate is presented we should check against the CN and the SANs,
> if the certificate has SANs.

My recent reading suggests that, if present, SubjectAltNames should be
preferred over CommonName [1].  Something to think about…

[1] http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
-- 
Kevin L. Mitchell <kevin.mitchell at rackspace.com>
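
The SAN-over-CN preference discussed above, as an added example that is not part of the original message or of any OpenStack code. It follows the RFC 6125 rule that the Common Name is consulted only when the certificate carries no dNSName SAN at all; the function names and sample certificates are hypothetical, and the dict shape is the one returned by Python's ssl.SSLSocket.getpeercert().

```python
def _dns_match(pattern, hostname):
    """Compare one certificate name with the hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard stands for exactly one left-most label, and needs at
        # least three labels so that "*.com" can never match anything.
        return len(p_labels) >= 3 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def names_to_check(cert):
    """Return ("SAN", names) if dNSName SANs exist, else ("CN", names)."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return "SAN", sans  # CN is ignored entirely once a DNS SAN is present
    cns = [value for rdn in cert.get("subject", ())
           for key, value in rdn if key == "commonName"]
    return "CN", cns


def hostname_matches(cert, hostname):
    """Return (matched, source) where source says which field was consulted."""
    source, names = names_to_check(cert)
    return any(_dns_match(name, hostname) for name in names), source


# Constructed sample certificates (not taken from any real deployment).
CERT_WITH_SAN = {
    "subject": ((("commonName", "internal.example.test"),),),
    "subjectAltName": (("DNS", "api.example.test"), ("DNS", "*.cdn.example.test")),
}
CERT_CN_ONLY = {"subject": ((("commonName", "keystone.example.test"),),)}

if __name__ == "__main__":
    for cert, host in [(CERT_WITH_SAN, "api.example.test"),
                       (CERT_WITH_SAN, "internal.example.test"),
                       (CERT_CN_ONLY, "keystone.example.test")]:
        print(host, hostname_matches(cert, host))
```

The second sample call is the case the thread is about: the hostname equals the CN, but the check fails because the certificate has SANs and none of them lists it.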