problem with hostname matching
nmav at gnutls.org
Mon May 28 23:16:58 CEST 2012
On 05/28/2012 02:33 PM, Michal Suchanek wrote:
> I have created a cert long time ago using a howto that suggested to
> include the trailing dot in the domain name as good practice.
> The verification with gnutls_x509_crt_check_hostname now works only
> when the trailing dot is also specified in the host name.
> Is this expected behaviour?
Yes. These fields are under the "preferred named syntax" of rfc1035,
that does not allow a trailing dot.
> I am not quite sure how I would go about checking the name myself
> without using the shorthand function, either.
You have to check RFC2818 which documents the procedure. You need to
read the certificate fields of subject alternative name, common name etc.
More information about the Gnutls-help