On Thu, Sep 06, 2007, Bill Janssen wrote:
>
> By the way, I think the hostname matching provisions of 2818 (which
> is, after all, only an informational RFC, not a standard) are poorly
> thought out.  Many machines have more hostnames than you can shake a
> stick at, and often provide certs with the wrong hostname in them
> (usually because they have no way to determine what the *right*
> hostname is, from inside that machine).

...which is why you pretty much need to have a canonical hostname mapped
to each IP you're using on a machine.  Basically, you need to map the
hostname you intend to use to an IP, then do reverse-DNS to find out
whether the hostname is in fact the canonical hostname.  If not, you're
using the wrong hostname on your cert.
-- 
Aahz ([EMAIL PROTECTED])           <*>         http://www.pythoncraft.com/

"Many customs in this life persist because they ease friction and promote
productivity as a result of universal agreement, and whether they are
precisely the optimal choices is much less important." --Henry Spencer
http://www.lysator.liu.se/c/ten-commandments.html
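
The check described in the reply above, as an added example that is not part of the original message: resolve the hostname intended for the certificate, reverse-resolve each address, and compare the PTR name with the intended name. The function names, the injectable resolver hooks and the sample DNS data (example.org names, 192.0.2.0/24 addresses) are constructed for illustration so that it runs offline.

```python
import socket

def _norm(name):
    # DNS names compare case-insensitively; PTR answers may carry a trailing dot.
    return name.rstrip(".").lower()

def forward_ips(hostname):
    """Live forward lookup: every address the name resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def reverse_name(ip):
    """Live reverse lookup: primary PTR name for the address, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_cert_hostname(hostname, forward=forward_ips, reverse=reverse_name):
    """Return (ip, ptr_name, matches) for each address of hostname."""
    results = []
    for ip in forward(hostname):
        ptr = reverse(ip)
        ok = ptr is not None and _norm(ptr) == _norm(hostname)
        results.append((ip, ptr, ok))
    return results

def is_canonical(hostname, forward=forward_ips, reverse=reverse_name):
    """True only if the name resolves and every address maps back to it."""
    results = check_cert_hostname(hostname, forward, reverse)
    return bool(results) and all(ok for _, _, ok in results)

# Constructed sample zone data (assumption, not real DNS records).
SAMPLE_A = {"host1.example.org": ["192.0.2.10"],
            "www.example.org": ["192.0.2.10"],        # alias of host1
            "multi.example.org": ["192.0.2.20", "192.0.2.21"]}
SAMPLE_PTR = {"192.0.2.10": "Host1.Example.org.",
              "192.0.2.20": "multi.example.org"}      # .21 has no PTR

def sample_forward(name):
    return SAMPLE_A.get(name, [])

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

if __name__ == "__main__":
    for name in SAMPLE_A:
        print(name, check_cert_hostname(name, sample_forward, sample_reverse))
```

Calling `is_canonical(name)` without the sample hooks performs the same check against the system resolver.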