[openssl-dev] [openssl.org #4003] OpenSSL Bug report / Patch submission - wildcard_match in host verification
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Aug 11 19:52:46 UTC 2015
On Tue, Aug 11, 2015 at 07:29:15PM +0000, Viktor Dukhovni wrote:
> On Tue, Aug 11, 2015 at 07:22:58PM +0000, Kurt Roeckx via RT wrote:
>
> > It looks to me that you're trying to validate an URL instead of a
> > hostname. I don't know of any standart that allows you to put a
> > URL in a certificate and it also doesn't make much sense.
>
> Certificates IIRC can have URI subjectAltNames, I don't recall
> whether we support matching these. If we did, that would certainly
> not be via X509_check_host(), there would have to be an X509_check_uri()
> interface.
We don't currently support URI subjectAltNames.
--
Viktor.
More information about the openssl-dev
mailing list