IXWebSocket wss c++ client cannot connect to Node.js wss server using an ip address
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Feb 16 18:39:42 UTC 2023
On Thu, Feb 16, 2023 at 01:21:56PM -0500, Pierre-Luc Boily wrote:
> In the book of Ivan Ristic (Bullet Proof TLS and PKI), chapter 12,
> section *Creating Certificates for Multiple Hostnames*, the author
> uses a wildcard in the SAN (*.feistyduck.com).
>
> So, if the SAN has *.feistyduck.com and feistyduck.com, what will be
> accepted with the above flag?
>
> 1. www.feistyduck.com ?
> 4. feistyduck.com ?
Yes, regardless of the flag value.
> 2. www.sub.feistyduck.com ?
> 3. www.sub.sub2.feistyduck.com ?
No, regardless of the flag value.
The documentation reads:
If set, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS suppresses support for
"*" as wildcard pattern in labels that have a prefix or suffix, such
as: "www*" or "*www"; this only applies to X509_check_host.
did you read the documentation? Which part was unclear?
--
Viktor.
More information about the openssl-users
mailing list