On 2014/10/06 05:53, Jeremie Courreges-Anglas wrote: > CVSROOT: /cvs > Module name: src > Changes by: [email protected] 2014/10/06 05:53:18 > > Modified files: > lib/libressl : ressl_verify.c > > Log message: > If we have to match against a wildcard in a cert, verify that it contains > at least a domain label before the tld, as in *.example.org. > Suggested by Richard Moore (rich@kde) > ok tedu@ >
There's a more complete list of domains where wildcards should be permitted/denied: https://publicsuffix.org/list/
