On Fri, 16 Nov 2018, Tapasvi Soni via curl-library wrote:
I want to know that multiple wildcards(*) in leftmost label of common name
of wildcard certificate are supported by curl or not. Because validation is
failing from libcurl for this certificate.
It seems it does not!
I added a simple test to unit1397.c to check (as shown below) and it fails!
I did went back and read https://tools.ietf.org/html/rfc6125#section-6.4.3
again, and it doesn't really say anything about the number of wild card
characters that we should support...
The simple fact that you're the first to report this (in quite a number of
years) could possibly be an indication that this is not a feature that is
widely used. Do browsers and other popular internet tools work with this site?
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
index 432b90973..9b7d3820d 100644
--- a/tests/unit/unit1397.c
+++ b/tests/unit/unit1397.c
@@ -48,10 +48,13 @@ fail_unless(Curl_cert_hostcheck("xxx*.example.com",
"xxxwww.example.com"),
"good 3");
fail_unless(Curl_cert_hostcheck("f*.example.com", "foo.example.com"),
"good 4");
fail_unless(Curl_cert_hostcheck("192.168.0.0", "192.168.0.0"),
"good 5");
+fail_unless(Curl_cert_hostcheck("oe*de*2.bedford.progress.com",
+ "oe1de12.bedford.progress.com"),
+ "good 6");
fail_if(Curl_cert_hostcheck("xxx.example.com", "www.example.com"), "bad 1");
fail_if(Curl_cert_hostcheck("*", "www.example.com"), "bad 2");
fail_if(Curl_cert_hostcheck("*.*.com", "www.example.com"), "bad 3");
fail_if(Curl_cert_hostcheck("*.example.com", "baa.foo.example.com"), "bad
4");
--
/ daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
