[openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Aug 11 19:29:15 UTC 2015
On Tue, Aug 11, 2015 at 07:22:58PM +0000, Kurt Roeckx via RT wrote:
> It looks to me that you're trying to validate an URL instead of a
> hostname. I don't know of any standart that allows you to put a
> URL in a certificate and it also doesn't make much sense.
Certificates IIRC can have URI subjectAltNames, I don't recall
whether we support matching these. If we did, that would certainly
not be via X509_check_host(), there would have to be an X509_check_uri()
interface.
--
Viktor.
More information about the openssl-dev
mailing list