| ▲ | rsync 11 hours ago | |
IP address certificates are particularly interesting for iOS users who want to run their own DoH servers. A properly configured DoH server (perhaps running unbound) with a properly constructed configuration profile which included a DoH FQDN with a proper certificate would not work in iOS. The reason, it turns out, is that iOS insisted that both the FQDN and the IP have proper certificates. This is why the configuration profiles from big organizations like dns4eu and nextdns would work properly when, for instance, installed on an iphone ... but your own personal DoH server (and profile) would not. | ||
| ▲ | hypeatei 9 hours ago | parent | next [-] | |
OpenSSL is quite particular about the IP address being included in the SAN field of the cert when making a TLS connection, fwiw. iOS engineers may not have explicitly added this requirement and it might just be a side effect of using a crypto library. | ||
| ▲ | fuomag9 9 hours ago | parent | prev [-] | |
I use DoH behind a reverse proxy with my own domain daily without any kind of issue | ||