[Patch] Non-permissive subjectAltName wildcard
ametzler at downhill.at.eu.org
Sun May 4 14:00:23 CEST 2008
this http://bugs.debian.org/479174 reported by Jean-Philippe Garcia
On 2008-05-03 Jean-Philippe Garcia Ballester <giga at le-pec.org> wrote:
> It seems too me that the subjectAltName wildcard matching has strong
> First, it allows only one wildcard. Since a wildcard can only match
> a single domain component, multiple wildcards are useful (e.g.,
> *.*.example.org). I did not see in the rfc 2818 such restriction.
> Second, it only allows the wildcard to be at the beginning of the
> hostname. Since the rfc 2818 gives “f*.com” as an example, I
> believe this is a false assert.
> Third, it only allows the wildcard to be followed by a ‘.’. This is
> not clearly stated in the rfc, but I believe it is reasonnable to
> assume that if “f*.com” is allowed, then “f*o.com” should be allowed
> as well.
> The attached patch fixes all these issues and add some tests.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 13307 bytes
Desc: not available
More information about the Gnutls-devel