Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard ha… - Code Review

Created:
6 years ago by Ryan Sleevi

Modified:
6 years ago

Reviewers:
davidben

CC:
chromium-reviews, cbentzel+watch_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Project:
chromium

Visibility:
Public.

Description

Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard handling.

RFC 2818 deprecates these esoteric forms, thus RFC 6125 documents them, but they should never appear in a publicly trusted certificate, and are dang weird for internal certificates.

Instead, require that the wildcard
- Appear ONLY in the left-most label of a presented name. This is existing behaviour.
- Appear as the ONLY character in the label (e.g. it is the full label). This is the new behaviour.

BUG=434960
R=davidben@chromium.org

Committed: https://crrev.com/11b72a072effbf22f4f80eaba75acb38e33967dd
Cr-Commit-Position: refs/heads/master@{#306603}
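The two wildcard rules in the description, as an added example that is not the code from this change or from Chromium. The function names and sample hostnames are assumptions, and the sketch skips everything else a real verifier does (IDNA, IP addresses, registry-controlled domains).

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper: ASCII lower-casing, since DNS names compare case-insensitively.
static std::string ToLowerAscii(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return s;
}

// Hypothetical matcher (not Chromium's implementation). Returns true when the
// certificate's presented name matches the host under the description's rules.
bool MatchesPresentedName(const std::string& presented_in,
                          const std::string& host_in) {
  const std::string presented = ToLowerAscii(presented_in);
  const std::string host = ToLowerAscii(host_in);
  if (presented.empty() || host.empty()) return false;

  // No wildcard at all: plain comparison.
  if (presented.find('*') == std::string::npos) return presented == host;

  // New behaviour: the wildcard must be the entire left-most label, so the
  // name has to start with "*." (rejects a*.x, *a.x and a*b.x).
  if (presented.size() < 3 || presented.compare(0, 2, "*.") != 0) return false;

  // Existing behaviour: no wildcard in any label after the left-most one.
  const std::string suffix = presented.substr(1);  // e.g. ".example.net"
  if (suffix.find('*') != std::string::npos) return false;

  // Assumption (RFC 6125 practice): "*" stands for exactly one non-empty label.
  const std::size_t first_dot = host.find('.');
  if (first_dot == std::string::npos || first_dot == 0) return false;
  return host.compare(first_dot, std::string::npos, suffix) == 0;
}

int main() {
  // Constructed sample names, taken from the forms listed in the description.
  const char* names[] = {"*.example.net", "a*.example.net",
                         "*a.example.net", "a*b.example.net"};
  for (const char* n : names)
    std::cout << n << " vs www.example.net: "
              << MatchesPresentedName(n, "www.example.net") << "\n";
}
```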

Patch Set 1

Stats (+13 lines, -22 lines)
M net/cert/x509_certificate.cc: 1 chunk, +2 lines, -13 lines, 0 comments
M net/cert/x509_certificate_unittest.cc: 2 chunks, +11 lines, -9 lines, 0 comments

Messages

Total messages: 7 (1 generated)
