nginx-auth-ldap

Drop `CN-ID` (`Common Name`) validation per `RFC 9525` Service Identity in TLS

Open jsoref opened this issue 1 year ago • 0 comments

Appendix A. Changes from RFC 6125

The server identity can only be expressed in the subjectAltNames extension; it is no longer valid to use the commonName RDN, known as CN-ID in [VERIFY].

Honoring this RFC will fix the poor error message in: https://github.com/kvspb/nginx-auth-ldap/blob/83c059b73566c2ee9cbda920d91b66657cf120b7/ngx_http_auth_ldap_module.c#L1356

jsoref, Dec 28 '23 23:12
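The SAN-only check the issue asks for, as an added example that is not part of the original issue or of the nginx-auth-ldap code base. The `cert_names` struct, the function names and the sample certificates are constructed for illustration; a real module would take these values from its TLS library.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a parsed certificate (hypothetical type). */
struct cert_names {
    const char *subject_cn;      /* commonName RDN: never consulted below */
    const char *const *san_dns;  /* dNSName entries from subjectAltName */
    size_t san_dns_count;
};

/* ASCII case-insensitive equality; DNS names compare without regard to case. */
static int dns_ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* A wildcard counts only as the complete left-most label and covers one label. */
static int dns_id_matches(const char *presented, const char *reference)
{
    if (presented[0] != '*')
        return dns_ieq(presented, reference);
    const char *rest = strchr(reference, '.');
    if (presented[1] != '.' || rest == NULL || rest == reference)
        return 0;
    return dns_ieq(presented + 1, rest);
}

/* Returns 1 when a SAN dNSName matches host; an empty SAN list fails closed. */
int verify_service_identity(const struct cert_names *cert, const char *host)
{
    for (size_t i = 0; i < cert->san_dns_count; i++)
        if (dns_id_matches(cert->san_dns[i], host))
            return 1;
    return 0;
}

/* Constructed sample certificates. */
static const char *const SAN_A[] = { "ldap.example.com", "*.dir.example.com" };
const struct cert_names CERT_WITH_SAN = { "ignored.example.net", SAN_A, 2 };
const struct cert_names CERT_CN_ONLY = { "ldap.example.com", NULL, 0 };

int main(void)
{
    printf("SAN match: %d\n", verify_service_identity(&CERT_WITH_SAN, "a.dir.example.com"));
    printf("CN only:   %d\n", verify_service_identity(&CERT_CN_ONLY, "ldap.example.com"));
    return 0;
}
```

With OpenSSL, passing `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` to `X509_check_host()` gives the same no-CN-fallback behaviour.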