X509v3 can contain an IP address field in the Subject Alternative Name extension.
- As an application verifying the server's identity, how should the IP address field be validated?
- If both DNS name and IP address are present? Is there a preference of one over the other?
- What is the use of the dirName field?
I read RFC 2818 earlier but must have missed this part.
In some cases, the URI is specified as an IP address rather than a
hostname. In this case, the iPAddress subjectAltName must be present
in the certificate and must exactly match the IP in the URI.
rekire
My answer is based on my experience with TLS/SSL.
- It's based upon the implementation of the certificate validation. To enforce an IP address match, you have to implement that.
- Whatever way you want. You could also check both.
- Sorry, no idea what this field does.
Have you checked the OpenSSL documentation?
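
Added example (not part of the original question or answer): a Python sketch of the RFC 2818 rule quoted in the question, assuming the SAN arrives as (type, value) tuples in the shape Python's `ssl.getpeercert()` returns. The function names and the sample SAN are constructed; the example goes slightly beyond the quoted sentence by also matching dNSName entries (with a simplified left-most-label wildcard) so the case where both kinds are present is covered.

```python
import ipaddress

def _as_ip(text):
    """Return an ip_address object if text is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text.strip("[]"))  # IPv6 in a URI is [..]
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most
    label (a simplification assumed for this example)."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    p_labels, h_labels = p.split("."), h.split(".")
    return (p_labels[0] == "*" and len(p_labels) == len(h_labels)
            and len(p_labels) > 2 and p_labels[1:] == h_labels[1:])

def san_matches(reference, san_entries):
    """reference: host part of the URI the client connected to.
    san_entries: iterable of (type, value) tuples from the certificate."""
    ref_ip = _as_ip(reference)
    for kind, value in san_entries:
        if ref_ip is not None:
            # IP reference: only iPAddress entries count, and the address
            # octets must be identical. dNSName entries are never consulted.
            if kind == "IP Address":
                cand = _as_ip(value)
                if cand is not None and cand.packed == ref_ip.packed:
                    return True
        elif kind == "DNS" and _dns_match(value, reference):
            # Hostname reference: only dNSName entries count.
            return True
    # dirName and other SAN types are not used to identify the server here.
    return False

# Constructed sample SAN holding DNS, IP and dirName entries together.
SAMPLE_SAN = (
    ("DNS", "www.example.test"),
    ("DNS", "*.api.example.test"),
    ("IP Address", "192.0.2.10"),
    ("IP Address", "2001:DB8:0:0:0:0:0:1"),
    ("DirName", ((("commonName", "192.0.2.99"),),)),
)
```

When both kinds of entry are present, the form of the reference identity (IP literal or hostname) selects which SAN type is compared, so neither takes precedence over the other.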
Source: https://stackoverflow.com/questions/9185489/x509-subject-alternative-name-subjectaltname-ip-address-field