Author: Jasen Betts
To: exim-users
Subject: Re: [exim] Wildcard CN verify error
On 2023-04-20, Jeremy Harris via Exim-users <exim-users@???> wrote:
> On 20/04/2023 06:18, Jasen Betts via Exim-users wrote:
>> On 2023-04-18, Lance Lovette via Exim-users <exim-users@???> wrote:
>>>> This is a name mismatch: !=
>>> Perhaps it's time for a larger font size :) I will put on my dunce cap and
>>> go sit in the corner. But shame on Mailgun for responding to .com with a
>>> .org certificate!
>>> Lance
>> Their .com is a CNAME pointing to the .org, so the same host is both
>> .com and .org, but their host isn't using SNI.
> This raises the question: should the name-check be against the CNAME-resolved
> name rather than the initial? Both?
> I've not hunted through standards yet.

Web browsers just use the initial domain name given by the user: the resolver is treated
as a black box.
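
Added example, not part of the original message and not Exim's code: a minimal certificate name check showing how the verdict for the situation in this thread depends on which name is used as the reference. The hostnames and SAN list are constructed, and `cert_matches`, `verify_policies` and the policy names are hypothetical.

```python
# Constructed sample data: the thread's real names are not shown on the page.
SAMPLE_SAN = ["*.example.org", "example.org"]   # dNSName entries in the server cert
INITIAL_NAME = "smtp.example.com"               # name the client was configured with
CNAME_TARGET = "smtp.example.org"               # what DNS says the initial name aliases


def _match_pattern(pattern: str, hostname: str) -> bool:
    """Match one dNSName pattern against a hostname, case-insensitively.

    A wildcard is honoured only as the complete leftmost label, covers
    exactly one label, and must be followed by at least two fixed labels.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Reject partial wildcards such as "f*.example.org".
    return "*" not in pattern and p_labels == h_labels


def cert_matches(san_dns_names, reference_name) -> bool:
    """True if any SAN dNSName entry matches the reference name."""
    return any(_match_pattern(p, reference_name) for p in san_dns_names)


def verify_policies(san_dns_names, initial_name, cname_target):
    """Verdict under each policy raised in the thread.

    'initial' is the browser behaviour described above. Under 'cname' or
    'either', the name being verified comes from a DNS answer, so the
    check is only as trustworthy as that answer.
    """
    initial_ok = cert_matches(san_dns_names, initial_name)
    cname_ok = cert_matches(san_dns_names, cname_target)
    return {"initial": initial_ok, "cname": cname_ok,
            "either": initial_ok or cname_ok}


if __name__ == "__main__":
    for policy, ok in verify_policies(SAMPLE_SAN, INITIAL_NAME, CNAME_TARGET).items():
        print(f"{policy:8s} -> {'verified' if ok else 'name mismatch'}")
```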

