The LQ Wiki is now an OpenID Consumer
February 28, 2007 Leave a comment
As promised, the LQ Wiki now allows you to log in using OpenID. You can convert an existing account if you have one, or simply login with an OpenID as a completely new user and start editing. I’d like to thank Evan, whose extension made adding this relatively painless. One thing to be aware of if you are thinking about implementing OpenID (you should be) and are planning to use curl. Some versions deal with RFC 2818 – 3.1 Server Identity differently than others. A snippet:
Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
What does that mean to you? Well, I was using jeremy.lq.myopenid.com to test. In some implementations of curl (7.12.1 in this case), the *.myopenid.com cert works fine for that domain. In other implementations (7.10.6 in this case), you get a error:
certificate subject name ‘*.myopenid.com’ does not match target host name ‘jeremy.lq.myopenid.com’
Just something to be aware of as many of the gratis OpenID providers seem to allow this situation to happen. Hopefully you’ll come across this blog post before banging your head on your desk for 10 minutes wondering why code works in some places and not others.