TLS doesn't check subject.CN for wildcard #4255
Allow CN to be checked for wildcard
@bnoordhuis @indutny Thoughts?
@NodePing It seems fine to me, but please add a test.
I think it cannot contain wildcard according to specification... Is it so widely used?
We're seeing it on more than a few DigiCert and Thawte certificates but I don't have any stats for how widely it is used.
Well, it's not really a good place for them to be, since it's deprecated... ok, I give up. It's not that important after all 🔨
I'm having a hard time trying to come up with a good way to test these goofy certs. Any ideas?
No, I mean. Let's pull your patch @isaacs
Ok, @isaacs seems to be pretty busy right now... Probably @bnoordhuis or @piscisaureus can review it? Or @pquerna ?
I don't know if I'd call it 'widely used' but RFC 2818 certainly allows for it. @NodePing I'll land your patch but a test case would be nice. You can generate a self-signed certificate with Drop the key and the certificate in test/fixtures and the test itself in test/simple.
Allow wildcards in CN test
I've updated the existing test for wildcards in CN to assert true, rather than false.
Allow CN to be checked for wildcard
#4254
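
The matching rule discussed in this thread, as an added JavaScript example that is not Node's code or part of this pull request: per RFC 2818 section 3.1, subjectAltName dNSName entries take precedence, the subject CN is consulted only when there are none, and a `*` matches within a single label. The function names, the `{ commonName, altNames }` input shape and the sample certificates are assumptions constructed for illustration.

```javascript
// Added example, not Node's implementation. Names and input shape are hypothetical.

// Match one certificate name (possibly containing '*') against a hostname.
// RFC 2818 lets '*' stand for one label or a fragment of one label.
// Assumption (stricter than the RFC text): '*' is honoured only in the
// leftmost label, and at most once.
function nameMatches(pattern, host) {
  const labels = pattern.toLowerCase().split('.');
  if (labels.some((l) => l === '')) return false;                  // malformed name
  if (labels.slice(1).some((l) => l.includes('*'))) return false;  // '*' not leftmost
  if ((labels[0].match(/\*/g) || []).length > 1) return false;     // more than one '*'
  const esc = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  // '[^.]+' keeps the wildcard inside a single label: it never crosses a dot.
  const left = labels[0].split('*').map(esc).join('[^.]+');
  const rest = labels.slice(1).map(esc).join('\\.');
  const re = new RegExp('^' + left + (rest ? '\\.' + rest : '') + '$');
  return re.test(host.toLowerCase().replace(/\.$/, ''));
}

// Decide which certificate identities apply, then match the hostname.
// cert = { commonName: string, altNames: string[] of dNSName values }
function checkHost(host, cert) {
  const dnsNames = cert.altNames || [];
  // dNSName entries, when present, are the only identities used;
  // the CN is a fallback for certificates that carry none.
  const useSan = dnsNames.length > 0;
  const candidates = useSan ? dnsNames : (cert.commonName ? [cert.commonName] : []);
  const matched = candidates.find((p) => nameMatches(p, host));
  return {
    ok: matched !== undefined,
    source: useSan ? 'subjectAltName' : 'CN',
    matched: matched || null,
  };
}

// Constructed sample certificates (not taken from the thread).
const wildcardCnOnly = { commonName: '*.example.test', altNames: [] };
const sanAndCn = { commonName: '*.example.test', altNames: ['www.example.test'] };

console.log(checkHost('api.example.test', wildcardCnOnly)); // CN wildcard accepted
console.log(checkHost('a.b.example.test', wildcardCnOnly)); // two labels deep: rejected
console.log(checkHost('api.example.test', sanAndCn));       // SAN present, CN ignored
```

A test for the behaviour this pull request changes needs both the CN-only wildcard case and the case where a dNSName entry is present, since the second one must not fall back to the CN.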