gnutls-devel

[Patch] Non-permissive subjectAltName wildcard


From: Andreas Metzler
Subject: [Patch] Non-permissive subjectAltName wildcard
Date: Sun, 4 May 2008 14:00:23 +0200
User-agent: Mutt/1.5.13 (2006-08-11)

Hello,

this is http://bugs.debian.org/479174, reported by Jean-Philippe Garcia
Ballester:

On 2008-05-03 Jean-Philippe Garcia Ballester <address@hidden> wrote:
> It seems to me that the subjectAltName wildcard matching has strong
> constraints.

> First, it allows only one wildcard. Since a wildcard can only match
> a single domain component, multiple wildcards are useful (e.g.,
> *.*.example.org). I did not see such a restriction in RFC 2818.

> Second, it only allows the wildcard to be at the beginning of the
> hostname.  Since RFC 2818 gives “f*.com” as an example, I
> believe this is a false assert.

> Third, it only allows the wildcard to be followed by a ‘.’. This is
> not clearly stated in the RFC, but I believe it is reasonable to
> assume that if “f*.com” is allowed, then “f*o.com” should be allowed
> as well.

> The attached patch fixes all these issues and adds some tests.

Attachment: gnutls26-2.2.3~rc_subject_alt_name_permissive_wildcard.patch
Description: Text Data
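
The two matching policies contrasted in the report above, side by side, as an added example that is neither GnuTLS code nor the attached patch. The function names `match_strict` and `match_permissive` are hypothetical, the sample names are constructed, and the rule that `*` absorbs at least one character is an assumption of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Permissive rules from the report: any number of '*', anywhere in a label.
 * Assumption of this sketch: each '*' absorbs one or more characters and
 * never a '.', so it stays inside a single domain component. */
static int match_permissive(const char *pat, const char *host)
{
    for (; *pat != '\0'; pat++, host++) {
        if (*pat == '*') {
            while (*host != '\0' && *host != '.') {
                host++;
                if (match_permissive(pat + 1, host))
                    return 1;
            }
            return 0;
        }
        if (tolower((unsigned char)*pat) != tolower((unsigned char)*host))
            return 0;
    }
    return *host == '\0';
}

/* Strict rules as the report describes them: at most one '*', only as the
 * first character, and only when followed by '.'. */
static int match_strict(const char *pat, const char *host)
{
    if (strchr(pat, '*') != NULL &&
        (strncmp(pat, "*.", 2) != 0 || strchr(pat + 1, '*') != NULL))
        return 0;
    return match_permissive(pat, host);
}

int main(void)
{
    /* Constructed sample pairs: { subjectAltName pattern, hostname } */
    static const char *cases[][2] = {
        { "*.example.org", "www.example.org" },
        { "*.example.org", "a.b.example.org" },
        { "*.*.example.org", "a.b.example.org" },
        { "f*.com", "foo.com" },
        { "f*o.com", "foo.com" },
        { "*.*", "example.org" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-16s %-16s strict=%d permissive=%d\n", cases[i][0], cases[i][1],
               match_strict(cases[i][0], cases[i][1]),
               match_permissive(cases[i][0], cases[i][1]));
    return 0;
}
```

In this sketch the permissive matcher accepts `*.*` for every two-label hostname, so a verifier that adopts such rules relies on the issuing CA never signing names of that shape.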

