Browse files

tls: allow wildcards in common name

see #4592
  • Loading branch information...
1 parent e4598aa commit 4dd70bb12c4c7be47d661ae2e950600ed7ab560d @indutny committed Jan 14, 2013
Showing with 2 additions and 3 deletions.
  1. +2 −3 lib/tls.js
View
5 lib/tls.js
@@ -156,14 +156,13 @@ function checkServerIdentity(host, cert) {
dnsNames = dnsNames.concat(uriNames);
// And only after check if hostname matches CN
- // (because CN is deprecated, but should be used for compatiblity anyway)
var commonNames = cert.subject.CN;
if (Array.isArray(commonNames)) {
for (var i = 0, k = commonNames.length; i < k; ++i) {
- dnsNames.push(regexpify(commonNames[i], false));
+ dnsNames.push(regexpify(commonNames[i], true));
}
} else {
- dnsNames.push(regexpify(commonNames, false));
+ dnsNames.push(regexpify(commonNames, true));
}
valid = dnsNames.some(function(re) {

2 comments on commit 4dd70bb

@bnoordhuis

Doesn't it match bad.*.example.com too now?

@indutny
Owner

Yes.... you're right, again.

Please sign in to comment.