Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IDNA matching for wildcards in SAN #52

Open
tiran opened this issue Jun 4, 2015 · 1 comment
Open

IDNA matching for wildcards in SAN #52

tiran opened this issue Jun 4, 2015 · 1 comment
Labels
enhancement subdomain

Comments

@tiran
Copy link

tiran commented Jun 4, 2015

Here is another test case for your awesome project. A partial wildcard in subjectAltName must not match an IDNA label. For example "x*.example.org" must not match "xn--tst-bma.example.org" (IDNA for tést.example.org).

I fixed the bug in Python and Mozilla last year:
http://bugs.python.org/issue17997
https://www.mozilla.org/en-US/security/advisories/mfsa2014-45/
@lgarron
Copy link
Collaborator

lgarron commented Jun 4, 2015

If I recall correctly, browsers don't even accept x*.example.org.
Is it even possible to get a cert like that signed by a public CA?

Either way, I'd be happy to accept a PR adding it to cert-generator.sh for a local testing.

@lgarron lgarron mentioned this issue Jun 4, 2015
Open
@lgarron lgarron mentioned this issue Aug 30, 2016
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement subdomain
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lgarron @tiran