Ah, cool. Totally missed that in release notes. 🤦♂️ Thanks, -- Bojan ---------------------------------------- 6 June 2022 8:13:10 pm Alexander Sosedkin <asosedkin@xxxxxxxxxx>: On Mon, Jun 6, 2022 at 12:03 PM Bojan Smojver via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > Before I open a bug on this, the latest firefox/nss software that is in F36 - is it not accepting SSL certificates without matching subjectAlternativeName on purpose? > > I still have to complete more tests, but it seems that if SSL certificate is issued to CN abc.example.com and if that name is not mentioned in SAN, Firefox complains that the certificate is not for the right domain. This is all only with most recent updates. > > Anyone else seeing similar stuff? https://www.mozilla.org/en-US/firefox/101.0/releasenotes says: > Removed "subject common name" fallback support from certificate validation. > This fallback mode was previously enabled > only for manually installed certificates. > The CA Browser Forum Baseline Requirements > have required the presence of the "subjectAltName" extension since 2012, > and use of the subject common name was deprecated in RFC 2818. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
