9 Feb
2012
9 Feb
'12
5:47 a.m.
Matthew Newton wrote:
The client certificate on the device I'm testing with here has no Subject, and has a subjectAltName instead. This seems allowed (mandated? - the text is unclear to me) by RFC3280 s4.1.2.6.
Correctly, the TLS-Client-Cert-Subject vp is _not_ added.
Incorrectly, TLS-Client-Cert-Common-Name IS added, with the value of the common name from the issuer certificate.
Weird.
Below mini-patch only tries to add the common-name vp if it previously found a subject.
Added, thanks. Alan DeKok.