CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2021/04/26 21:35:30
Modified files:
lib/libcrypto/x509: x509_constraints.c
regress/lib/libcrypto/x509: constraints.c
Log message:
Relax SAN DNSname validation and constraints to permit non leading *
wildcards. While we may choose not to support them the standards
appear to permit them optionally so we can't declare a certificate
containing them invalid. Noticed by jeremy@, and Steffan Ulrich
and others. Modify the regression tests to test these cases and
not check the SAN DNSnames as "hostnames" anymore (which don't support
wildcards).
ok jsing@, tb@
