--On February 10, 2009 5:28:24 PM +0100 Hallvard B Furuseth h.b.furuseth@usit.uio.no wrote:
> quanah@zimbra.com writes:
>> This is because the Cert vendors themselves don't honor the RFCs when issuing wildcard certs, and was added so that their broken wildcard certs could still be used.
>
> In that case, maybe there should be a config option to turn this behavior on/off, and documentation which explains that it breaks the TLS standard and why it does so.
> If nothing else, it may get more people to complain to the cert vendors.

I spent something like 4 hours on the phone discussing the issue with one of the cert vendors. They still didn't understand what was wrong with their cert, and to this day they still issue the same style of certs.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration