Issue 28191: Support RFC4985 SRVName in SAN name (original) (raw)
Issue28191
Created on 2016-09-17 18:15 by christian.heimes, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Files | |||
|---|---|---|---|
| File name | Uploaded | Description | Edit |
| Add-RFC4985-SRVName-to-SAN.patch | christian.heimes,2016-09-17 20:55 | review |
| Messages (3) | ||
|---|---|---|
| msg276810 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2016-09-17 18:15 |
| The standard subject alternative DNS name contains only a relationship between a cert and a host name. A host may have multiple services like HTTPS web server, IMAP server, mail servers etc. https://tools.ietf.org/html/rfc4985 defines a mechanism to define a relationship between a X.509 cert, a DNS name and a service, e.g. _https.www.example.org for service https on www.example.org. OpenSSL is not yet able to convert a RFC4985 SRVName to a string. I have a patch, https://github.com/tiran/cpython/commits/feature/ssl_srvname | ||
| msg301490 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2017-09-06 17:26 |
| In the future, hostname matching will be handled by OpenSSL. Let's not over-complicate our implementation. | ||
| msg301500 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2017-09-06 19:26 |
| FYI, I opened an upstream PR in OpenSSL to add SRVName: https://github.com/openssl/openssl/pull/4342 |
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:37 | admin | set | github: 72378 |
| 2017-09-06 19:26:32 | christian.heimes | set | messages: + |
| 2017-09-06 17:26:48 | christian.heimes | set | status: open -> closedresolution: postponedmessages: + stage: patch review -> resolved |
| 2016-09-18 11:13:07 | christian.heimes | link | issue28196 dependencies |
| 2016-09-17 20:55:41 | christian.heimes | set | files: + Add-RFC4985-SRVName-to-SAN.patchkeywords: + patch |
| 2016-09-17 18:15:02 | christian.heimes | create |