[ipxe-devel] Wildcard HTTPS cert support.
Michael Brown
mbrown at fensystems.co.uk
Fri Sep 6 16:35:10 UTC 2013
On 06/09/13 16:53, Nicolas Sylvain wrote:
> From http://tools.ietf.org/html/rfc2818 I see "
>
> Names may contain the wildcard character * which is considered to match
> any single domain name component or component fragment. E.g., *.a.com
> matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not
> bar.com.
> "
>
> I'm clearly not an HTTPS expert, but I'm not aware of any more rules. If
> it makes sense to you as well I can fix my patch to implement it.
> (unless someone else has a better patch already).
RFC6125 section 6.4.3 seems to have some additional rules. It seems
unclear from the RFCs what behaviour is most expected, but it looks as
though it would be acceptable (and simple) to allow only a single
initial "*.", which should match against only the first component of the
name.
Michael
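
The rule proposed in the reply above (a single initial "*." that matches only the first component of the name), written out as an added example in C. This is not iPXE's code and not part of the original message; `wildcard_name_matches` and `dns_name_equal` are hypothetical names, and the host names are the ones quoted from RFC 2818.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two ASCII DNS names. */
static int dns_name_equal(const char *a, const char *b)
{
	for (; *a && *b; a++, b++) {
		if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
			return 0;
	}
	return *a == *b;
}

/* Hypothetical helper: 1 if certificate name "pattern" matches "host". */
int wildcard_name_matches(const char *pattern, const char *host)
{
	const char *rest;

	if (strncmp(pattern, "*.", 2) != 0) {
		/* No leading "*.": a '*' anywhere else is rejected outright */
		if (strchr(pattern, '*'))
			return 0;
		return dns_name_equal(pattern, host);
	}
	pattern += 2;
	/* Only one wildcard is allowed, and a name must follow it */
	if (*pattern == '\0' || strchr(pattern, '*'))
		return 0;
	/* The wildcard consumes exactly one non-empty leading component */
	rest = strchr(host, '.');
	if (rest == NULL || rest == host)
		return 0;
	return dns_name_equal(pattern, rest + 1);
}

int main(void)
{
	/* Constructed checks using the names quoted from RFC 2818 */
	printf("%d\n", wildcard_name_matches("*.a.com", "foo.a.com"));     /* match */
	printf("%d\n", wildcard_name_matches("*.a.com", "bar.foo.a.com")); /* no match */
	printf("%d\n", wildcard_name_matches("*.a.com", "a.com"));         /* no match */
	printf("%d\n", wildcard_name_matches("f*.com", "foo.com"));        /* no match */
	return 0;
}
```

Under this stricter rule the component-fragment form `f*.com` from the RFC 2818 text never matches, and the bare domain `a.com` is not covered by `*.a.com`.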