A recommendation has been made that code should be added in NSS to not match subject common names to "domain names" passed in by the client (browser) that appear to be IP addresses in dotted decimal form. It is not considered to be standards compliant for printable ASCII representations of IP addresses to be placed in any certificate field that is intended to hold DNS names, including the subject common name and the DNSName field of the Subject Alternative Names extension. An example may be found at https://126.96.36.199 The SSL cert has an IP address in the CN.
Assignee: kaie → nelson
Component: CA Certificates → Libraries
QA Contact: root-certs → libraries
Summary: In NSS Don't allow Common Names with IP addresses → Don't match printable IP addresses with DNS names
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 553754
You need to log in before you can comment on or make changes to this bug.