author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2014-06-12 01:56:31 -0400 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-06-12 23:19:25 +0100 |
commit | a09e4d24ada871ed0e6f5e37fadd52a76b29542a (patch) | |
tree | e13ebc270eccb7e9e26f2a451dda421e6b2fa2d0 /crypto/x509v3/v3nametest.c | |
parent | abfb989fe0b749ad61f1aa4cdb0ea4f952fc13e0 (diff) |
Client-side namecheck wildcards.
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com").
With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
Diffstat (limited to 'crypto/x509v3/v3nametest.c')
-rw-r--r-- | crypto/x509v3/v3nametest.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/x509v3/v3nametest.c b/crypto/x509v3/v3nametest.c
index 4cd6f36888..ad820fdfd9 100644
--- a/crypto/x509v3/v3nametest.c
+++ b/crypto/x509v3/v3nametest.c
@@ -11,6 +11,7 @@ static const char *const names[] =
 "*@example.com", "test@*.example.com", "example.com", "www.example.com",
 "test.www.example.com", "*.example.com", "*.www.example.com",
 "test.*.example.com", "www.*.com",
+ ".www.example.com", "*www.example.com",
 "example.net", "xn--rger-koa.example.com",
 "a.example.com", "b.example.com",
 "postmaster@example.com", "Postmaster@example.com",
@@ -25,6 +26,11 @@ static const char *const exceptions[] =
 "set CN: host: [*.example.com] matches [www.example.com]",
 "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]",
 "set CN: host: [*.www.example.com] matches [test.www.example.com]",
+ "set CN: host: [*.www.example.com] matches [.www.example.com]",
+ "set CN: host: [*www.example.com] matches [www.example.com]",
+ "set CN: host: [test.www.example.com] matches [.www.example.com]",
+ "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
+ "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
 "set emailAddress: email: [postmaster@example.com] does not match [Postmaster@example.com]",
 "set emailAddress: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]",
 "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@example.com]",
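Review bot: The only leading-dot reference identity added to `names[]` is `.www.example.com`, and the names beneath it that are visible in this hunk (`test.www.example.com`, `*.www.example.com`) are all direct children, so these vectors cannot tell the default any-depth sub-domain match apart from the single-label match that X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS is described as selecting. Adding a shallower reference such as `".example.com",` next to the new entries, with the corresponding rows in `exceptions[]`, would give a case (`test.www.example.com`) that must match without the flag and must not match with it. The array begins above the hunk and the test driver is not shown here, so whether a mode that sets the flag already exists should be confirmed against the rest of the file.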
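Review bot: The new rows in `exceptions[]` pin two acceptance decisions without a comment saying they are intended. Reading the first bracket as the certificate name and the second as the reference identity, `[*www.example.com] matches [www.example.com]` records that a partial wildcard in the left-most label may match zero characters, and the `host-no-wildcards` rows record that a `.www.example.com` reference still accepts `*.www.example.com` and `test.www.example.com` when certificate wildcards are disabled. A short comment above the added rows, for example `/* leading-dot reference identities are client-side sub-domain matches, not certificate wildcards, so they also appear under host-no-wildcards */`, would keep a later maintainer from treating these as accidental. The same rows are repeated for dnsName in the next hunk, and `exceptions[]` starts and ends outside both hunks.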
@@ -34,6 +40,11 @@ static const char *const exceptions[] =
 "set dnsName: host: [*.example.com] matches [b.example.com]",
 "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]",
 "set dnsName: host: [*.www.example.com] matches [test.www.example.com]",
+ "set dnsName: host-no-wildcards: [*.www.example.com] matches [.www.example.com]",
+ "set dnsName: host-no-wildcards: [test.www.example.com] matches [.www.example.com]",
+ "set dnsName: host: [*.www.example.com] matches [.www.example.com]",
+ "set dnsName: host: [*www.example.com] matches [www.example.com]",
+ "set dnsName: host: [test.www.example.com] matches [.www.example.com]",
 "set rfc822Name: email: [postmaster@example.com] does not match [Postmaster@example.com]",
 "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@example.com]",
 "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]", |