> This generates most of the problems, due to the simplistic
> last-century idea baked into HTTPS, that the server should know the
> name the client will talk to it as, and present a certificate for that
> name in the SSL handshake. It breaks because, for example, the client
> can say "foo", and it gets expanded to "foo.parc.com" implicitly, or
> the server can have multiple names for the same IP address.
Could you please explain why you couldn't use wildcard certificates or
multiple hostnames in subject alt name, which are standard solutions to
the problem you presented above?
--
Marko Hantula
DB Solo - The SQL Query Tool
www.dbsolo.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden
This email sent to email@hidden
