CVSROOT: /cvs Module name: src Changes by: b...@cvs.openbsd.org 2021/04/26 21:35:30
Modified files: lib/libcrypto/x509: x509_constraints.c regress/lib/libcrypto/x509: constraints.c Log message: Relax SAN DNSname validation and constraints to permit non leading * wildcards. While we may choose not to support them the standards appear to permit them optionally so we can't declare a certificate containing them invalid. Noticed by jeremy@, and Steffan Ulrich and others. Modify the regression tests to test these cases and not check the SAN DNSnames as "hostnames" anymore (which don't support wildcards). ok jsing@, tb@