Your message dated Sun, 4 May 2008 14:00:23 +0200
with message-id <[email protected]>
has caused the report #479174,
regarding [gnutls26] Non-permissive subjectAltName wildcard
to be marked as having been forwarded to the upstream software
author(s) [email protected]
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
[Patch] Non-permissive subjectAltName wildcard
Sun, 4 May 2008 14:00:23 +0200
this http://bugs.debian.org/479174 reported by Jean-Philippe Garcia
On 2008-05-03 Jean-Philippe Garcia Ballester <[email protected]> wrote:
> It seems too me that the subjectAltName wildcard matching has strong
> First, it allows only one wildcard. Since a wildcard can only match
> a single domain component, multiple wildcards are useful (e.g.,
> *.*.example.org). I did not see in the rfc 2818 such restriction.
> Second, it only allows the wildcard to be at the beginning of the
> hostname. Since the rfc 2818 gives âf*.comâ as an example, I
> believe this is a false assert.
> Third, it only allows the wildcard to be followed by a â.â. This is
> not clearly stated in the rfc, but I believe it is reasonnable to
> assume that if âf*.comâ is allowed, then âf*o.comâ should be allowed
> as well.
> The attached patch fixes all these issues and add some tests.
Description: Text Data
--- End Message ---