Relax SAN DNSname validation and constraints to permit non leading * - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	beck <>	2021-04-27 03:35:29 +0000
committer	beck <>	2021-04-27 03:35:29 +0000
commit	6b2e11072ab9080846b3abc7527db20e0b4df852 (patch)
tree	4a1f8797d9eb5049de6166919597895e05f86d6c /src/lib/libssl/ssl_both.c
parent	8b55d917f6299f185307b9010616350e6d6a3d93 (diff)
download	openbsd-6b2e11072ab9080846b3abc7527db20e0b4df852.tar.gz openbsd-6b2e11072ab9080846b3abc7527db20e0b4df852.tar.bz2 openbsd-6b2e11072ab9080846b3abc7527db20e0b4df852.zip

Relax SAN DNSname validation and constraints to permit non leading *

wildcards. While we may choose not to support them the standards appear to permit them optionally so we can't declare a certificate containing them invalid. Noticed by jeremy@, and Steffan Ulrich and others. Modify the regression tests to test these cases and not check the SAN DNSnames as "hostnames" anymore (which don't support wildcards). ok jsing@, tb@

Diffstat (limited to 'src/lib/libssl/ssl_both.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: