Using Common Name in certificates

Adnan Maolood me at adnano.co
Tue Nov 3 01:47:43 GMT 2020


The documentation for the Go crypto/tls package has this to say about
using the Common Name field in certificates:

>  The legacy Common Name field is ignored unless it's a valid hostname,
>  the certificate doesn't have any Subject Alternative Names, and the
>  GODEBUG environment variable is set to "x509ignoreCN=0". Support for
>  Common Name is deprecated will be entirely removed in the future.

https://golang.org/pkg/crypto/x509/#Certificate.VerifyHostname

In light of this, should Gemini servers avoid using the Common Name for
certificates, or at least provide a Subject Alternative Name as well?
For go-gemini I had to vendor in the hostname verification code from
crypto/tls and modify it to accept common names without setting the
GODEBUG environment variable.

