Implement wildcards for hostname checking.

Description

* src/x509.c (count_labels): New.
(check_hostname): Implement wildcards.

We support wildcards in the CN and subjectAltNames. The wildcard
must be the first label and matches only one label.

*.org             - bad
*.example.org     - good
*.foo.example.org - good
*x.example.org    - bad
foo.*.example.org - bad
*.foo.example.org - good

The name *.example.org matches for example

example.org
www.example.org
ftp.example.org

but not for example

ftp.foo.example.org

In general wildcard certificates are a bad idea and should be avoided.

  • Signed-off-by: Werner Koch <wk@gnupg.org>
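
The matching rules listed in the commit message, as an added C example; this is not the code from src/x509.c. The names `ascii_eq`, `pattern_ok` and `hostname_matches` are hypothetical, and the ASCII case-insensitive comparison is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: ASCII case-insensitive string equality. */
static int ascii_eq (const char *a, const char *b)
{
  for (; *a && *b; a++, b++)
    if (tolower ((unsigned char)*a) != tolower ((unsigned char)*b))
      return 0;
  return *a == *b;
}

/* 1 if PATTERN has no '*', or is "*." plus at least two labels. */
static int pattern_ok (const char *pattern)
{
  const char *rest, *dot;

  if (!strchr (pattern, '*'))
    return *pattern != 0;
  if (pattern[0] != '*' || pattern[1] != '.')
    return 0;                 /* "*x.example.org", "foo.*.example.org" */
  rest = pattern + 2;
  dot = strchr (rest, '.');
  if (strchr (rest, '*') || !dot || dot == rest)
    return 0;                 /* second '*', "*.org", empty label */
  return dot[1] && dot[1] != '.';
}

/* 1 if HOST is covered by PATTERN under the commit message's rules. */
static int hostname_matches (const char *pattern, const char *host)
{
  const char *dot;

  if (!pattern_ok (pattern) || !*host || strchr (host, '*'))
    return 0;
  if (pattern[0] != '*')
    return ascii_eq (pattern, host);
  if (ascii_eq (pattern + 2, host))
    return 1;                 /* "example.org": listed as a match */
  dot = strchr (host, '.');   /* the wildcard stands for one label */
  return dot && dot != host && ascii_eq (pattern + 2, dot + 1);
}

int main (void)
{
  /* Constructed sample names taken from the commit message. */
  printf ("%d %d\n", hostname_matches ("*.example.org", "www.example.org"),
          hostname_matches ("*.example.org", "ftp.foo.example.org"));
  return 0;
}
```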

Details

Provenance
werner authored on Feb 20 2017, 8:37 PM
Parents
rTcd1bbb318217: ntbtls-cli: New option --head and use a default SNI.