- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.

commit: 4d2c1243b12699b8e0a4901c976274155dcd71a9 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Thu May 10 14:12:46 2012 +0000
committer: Paul Bakker <p.j.bakker@polarssl.org> Thu May 10 14:12:46 2012 +0000
tree: 88ed0d5fd79c30fb6079c06d426a20fa40e997ad
parent: d14cd35ececf3c783f30b242a080de479d36f61c [diff] [blame]
diff --git a/programs/ssl/test-ca/gen_test_ca.sh b/programs/ssl/test-ca/gen_test_ca.sh
index dd29eeb..65cf9aa 100755
--- a/programs/ssl/test-ca/gen_test_ca.sh
+++ b/programs/ssl/test-ca/gen_test_ca.sh

@@ -63,7 +63,7 @@
 
 cat sslconf.txt > sslconf_use.txt;echo "CN=www.example.com" >> sslconf_use.txt
 echo "[ v3_req ]" >> sslconf_use.txt
-echo "subjectAltName = \"DNS:www.example.com,DNS:example.com,DNS:example.net,DNS:*.example.org\"" >> sslconf_use.txt
+echo "subjectAltName = \"DNS:example.com,DNS:example.net,DNS:*.example.org\"" >> sslconf_use.txt
 openssl req -config sslconf_use.txt -new -key cert_digest.key -out cert_example_multi.req -reqexts "v3_req"
 
 echo "Signing requests"
commit	4d2c1243b12699b8e0a4901c976274155dcd71a9	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Thu May 10 14:12:46 2012 +0000
committer	Paul Bakker <p.j.bakker@polarssl.org>	Thu May 10 14:12:46 2012 +0000
tree	88ed0d5fd79c30fb6079c06d426a20fa40e997ad
parent	d14cd35ececf3c783f30b242a080de479d36f61c [diff] [blame]