Relax SAN DNSname validation and constraints to permit non leading *
author beck <beck@openbsd.org>
Tue, 27 Apr 2021 03:35:29 +0000 (03:35 +0000)
committer beck <beck@openbsd.org>
Tue, 27 Apr 2021 03:35:29 +0000 (03:35 +0000)
commit fd01767793028d1ff5612c60c6faf63139eb9e31
tree f3b76aace5ec76b02d6390339d6af8a644fade15
parent 75e8f644e1a5edfdf8fa70f3544954e48e8c7f58
Relax SAN DNSname validation and constraints to permit non leading *
wildcards. While we may choose not to support them the standards
appear to permit them optionally so we can't declare a certificate
containing them invalid. Noticed by jeremy@, and Steffan Ulrich
and others. Modify the regression tests to test these cases and
not check the SAN DNSnames as "hostnames" anymore (which don't support
wildcards).

ok jsing@, tb@
lib/libcrypto/x509/x509_constraints.c
regress/lib/libcrypto/x509/constraints.c
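
Added example, not code from this commit or from libcrypto: a simplified syntax check illustrating the distinction the commit message draws between a SAN DNSname, which may carry a `*` that is not the first character, and a hostname, which may not carry one at all. The function names and the exact rule set (a single `*`, left-most label only, LDH characters otherwise) are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed, simplified rules (not libcrypto's): labels are 1..63 chars of
 * [A-Za-z0-9-] with no leading or trailing '-', total length <= 253. With
 * allow_wildcard set, one '*' may appear anywhere in the left-most label. */
static int
check_name(const char *name, int allow_wildcard)
{
	size_t len = strlen(name), i, label_len = 0;
	int first_label = 1, stars = 0;

	if (len == 0 || len > 253)
		return 0;
	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)name[i];

		if (c == '.') {
			/* empty label, or label ending in '-' */
			if (label_len == 0 || name[i - 1] == '-')
				return 0;
			label_len = 0;
			first_label = 0;
			continue;
		}
		if (c == '*') {
			if (!allow_wildcard || !first_label || ++stars > 1)
				return 0;
		} else if (c == '-') {
			if (label_len == 0)
				return 0;
		} else if (!isalnum(c)) {
			return 0;
		}
		if (++label_len > 63)
			return 0;
	}
	if (label_len == 0 || name[len - 1] == '-')
		return 0;
	/* a wildcard label must be followed by at least one more label */
	return !(stars && first_label);
}

/* Strict hostname: no wildcard characters at all. */
int hostname_ok(const char *name) { return check_name(name, 0); }

/* SAN DNSname syntax: wildcard tolerated, leading or not. */
int san_dnsname_ok(const char *name) { return check_name(name, 1); }
```

A name such as `www*.example.com` passes `san_dnsname_ok` but fails `hostname_ok`, which is why a test that treats SAN DNSnames as hostnames would reject it.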