by mananaysiempre
364 days ago
Not quite. DNS hostnames and IP addresses are encoded differently in X.509 certs: one is the dNSName option of the GeneralName choice type in the subjectAltName extension[1], the other is the iPAddress option. (And before you ask, tagging a stringified IP address quad as a dNSName is misissuance per the CA/Browser Forum Baseline Requirements[2] and liable to get your CA kicked from certificate stores. Ambiguous encodings are dangerous.) So some explicit support from the TLS library is indeed required. But I’m indeed not aware of many apps having problems with IP address certs.

[1] https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1....

[2] https://cabforum.org/working-groups/server/baseline-requirem...
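
An added example, not part of the comment above: a minimal DER walk over a subjectAltName value that reports the two encodings the comment distinguishes and flags an IP address string stored as a dNSName. The function names and the sample bytes are constructed for illustration; only the Python standard library is used.

```python
import ipaddress

TAG_DNS_NAME, TAG_IP_ADDRESS = 0x82, 0x87  # GeneralName [2] dNSName, [7] iPAddress

def read_tlv(buf, pos):
    """Read one DER TLV starting at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_san(der):
    """Parse a subjectAltName value (GeneralNames SEQUENCE) into (kind, value) pairs."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one GeneralNames SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == TAG_DNS_NAME:        # IA5String: the hostname as ASCII text
            names.append(("dNSName", value.decode("ascii")))
        elif tag == TAG_IP_ADDRESS and len(value) in (4, 16):  # raw address octets
            names.append(("iPAddress", str(ipaddress.ip_address(value))))
        else:                          # other GeneralName options, or a bad iPAddress length
            names.append(("other", value.hex()))
    return names

def is_ip_literal(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def ip_strings_in_dnsname(names):
    """Return dNSName entries that are really stringified IP addresses."""
    return [v for kind, v in names if kind == "dNSName" and is_ip_literal(v)]

# Constructed sample: dNSName example.com, iPAddress 192.0.2.10, dNSName "192.0.2.10"
SAMPLE_SAN = b"\x30\x1f\x82\x0bexample.com\x87\x04\xc0\x00\x02\x0a\x82\x0a192.0.2.10"
```

On the sample, `ip_strings_in_dnsname(parse_san(SAMPLE_SAN))` returns only the third entry: the same address is 4 raw octets under tag `0x87` but 10 ASCII characters under tag `0x82`.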