Software /
code /
prosody
Changeset
4330:520fcb333cba
util.x509: Update references to published RFCs
For TLS-CERTS, see http://tools.ietf.org/rfcdiff?url1=draft-saintandre-tls-server-id-check-10.txt&url2=rfc6125.txt
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Sun, 22 May 2011 14:06:18 -0700 |
parents | 4329:d8b2c97ae6ed |
children | 4331:9c45858e3208 |
files | util/x509.lua |
diffstat | 1 files changed, 6 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/util/x509.lua Mon Dec 06 21:46:50 2010 -0800 +++ b/util/x509.lua Sun May 22 14:06:18 2011 -0700 @@ -11,8 +11,8 @@ -- IDN libraries complicate that. --- [TLS-CERTS] - http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-10 --- [XMPP-CORE] - http://tools.ietf.org/html/draft-ietf-xmpp-3920bis-18 +-- [TLS-CERTS] - http://tools.ietf.org/html/rfc6125 +-- [XMPP-CORE] - http://tools.ietf.org/html/rfc6120 -- [SRV-ID] - http://tools.ietf.org/html/rfc4985 -- [IDNA] - http://tools.ietf.org/html/rfc5890 -- [LDAP] - http://tools.ietf.org/html/rfc4519 @@ -32,7 +32,7 @@ -- Compare a hostname (possibly international) with asserted names -- extracted from a certificate. -- This function follows the rules laid out in --- sections 4.4.1 and 4.4.2 of [TLS-CERTS] +-- sections 6.4.1 and 6.4.2 of [TLS-CERTS] -- -- A wildcard ("*") all by itself is allowed only as the left-most label local function compare_dnsname(host, asserted_names) @@ -150,7 +150,7 @@ if ext[oid_subjectaltname] then local sans = ext[oid_subjectaltname]; - -- Per [TLS-CERTS] 4.3, 4.4.4, "a client MUST NOT seek a match for a + -- Per [TLS-CERTS] 6.3, 6.4.4, "a client MUST NOT seek a match for a -- reference identifier if the presented identifiers include a DNS-ID -- SRV-ID, URI-ID, or any application-specific identifier types" local had_supported_altnames = false @@ -183,7 +183,7 @@ -- a dNSName subjectAltName (wildcards may apply for, and receive, -- cat treats) -- - -- Per [TLS-CERTS] 1.5, a CN-ID is the Common Name from a cert subject + -- Per [TLS-CERTS] 1.8, a CN-ID is the Common Name from a cert subject -- which has one and only one Common Name local subject = cert:subject() local cn = nil @@ -200,7 +200,7 @@ end if cn then - -- Per [TLS-CERTS] 4.4.4, follow the comparison rules for dNSName SANs. + -- Per [TLS-CERTS] 6.4.4, follow the comparison rules for dNSName SANs. return compare_dnsname(host, { cn }) end