[jdev] SSL clients complaining
justin-keyword-jabber.093179 at affinix.com
Fri Apr 15 18:21:43 CDT 2005
On Friday 15 April 2005 04:07 pm, Matthias Wimmer wrote:
> Hi Justin!
> Justin Karneges schrieb:
> > Of course, not all clients perform these checks. Psi is the only one I'm
> >aware of that does this right. If anyone knows of any others, feel free
> > to mention them.
> Is Psi already checking "id-on-xmppAddr" or is it only checking "cn"? Is
> it checking the domain against multiple id-on-xmppAddr/cn values present
> int the certificate or just against one of them?
Only Common Name for now, and only for single values. These are not security
risks, but they are details that needs to be addressed.
For what it's worth, I added support for XMPP OtherName and multiple values
into QCA last month. When Psi switches over to QCA v2 later this year, it
will have these capabilities.
More information about the JDev