Drop `CN-ID` (`Common Name`) validation per `RFC 9525` Service Identity in TLS

kvspb / nginx-auth-ldap

LDAP authentication module for nginx

BSD 2-Clause "Simplified" License

731 stars 251 forks source link

Drop `CN-ID` (`Common Name`) validation per `RFC 9525` Service Identity in TLS #254

Open jsoref opened 6 months ago

jsoref commented 6 months ago

Appendix A. Changes from RFC 6125

The server identity can only be expressed in the subjectAltNames extension; it is no longer valid to use the commonName RDN, known as CN-ID in [VERIFY].

Honoring this RFC will fix the poor error message in: https://github.com/kvspb/nginx-auth-ldap/blob/83c059b73566c2ee9cbda920d91b66657cf120b7/ngx_http_auth_ldap_module.c#L1356