[Help-gnutls] IDN and TLS certificates

Martin Lambers marlam at marlam.de
Fri Mar 17 10:31:11 CET 2006


I'm not sure how to handle Internationalized Domain Names when verifying
TLS certificates.

As I understand, a TLS certificate for räksmörgås.josefßon.example
should contain the value "xn--rksmrgs-5wao1o.josefsson.example" in a
subjectAltName field of type DNS, therefore an application should first
translate "räksmörgås.josefßon.example" to
"xn--rksmrgs-5wao1o.josefsson.example" before calling
gnutls_x509_crt_check_hostname(). Is this correct?


More information about the Gnutls-help mailing list