A certificate may contain IP addresses in the SubjectAlternativeName
extension. We are now able to verify this, alternatively to the
hostname verification. This is especially useful for DNS-over-TLS
where hostnames are not known (of the resolver), but the IP addresses
are listed in the certificate.
The API change is minimal (in Authenticator.chain_of_trust) to
avoid API breakage in all users.
A certificate may contain IP addresses in the SubjectAlternativeName extension. We are now able to verify this, alternatively to the hostname verification. This is especially useful for DNS-over-TLS where hostnames are not known (of the resolver), but the IP addresses are listed in the certificate.
The API change is minimal (in Authenticator.chain_of_trust) to avoid API breakage in all users.