Relax SAN DNSname validation and constraints to permit non leading * - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	beck <>	2021-04-27 03:35:29 +0000
committer	beck <>	2021-04-27 03:35:29 +0000
commit	05d12eaff3684c531b3d36e69fa663830294b6bd (patch)
tree	4a1f8797d9eb5049de6166919597895e05f86d6c /src/lib/libssl/tls12_key_schedule.c
parent	ebe128ca73ce7d178a186b93684c8bf8577f3b80 (diff)
download	openbsd-05d12eaff3684c531b3d36e69fa663830294b6bd.tar.gz openbsd-05d12eaff3684c531b3d36e69fa663830294b6bd.tar.bz2 openbsd-05d12eaff3684c531b3d36e69fa663830294b6bd.zip

Relax SAN DNSname validation and constraints to permit non leading *

wildcards. While we may choose not to support them the standards appear to permit them optionally so we can't declare a certificate containing them invalid. Noticed by jeremy@, and Steffan Ulrich and others. Modify the regression tests to test these cases and not check the SAN DNSnames as "hostnames" anymore (which don't support wildcards). ok jsing@, tb@

Diffstat (limited to 'src/lib/libssl/tls12_key_schedule.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: