Question: why doesn't my wildcard matching work with OpenSSL?
paul at mad-scientist.net
Mon Jun 10 20:41:11 UTC 2019

On Mon, 2019-06-10 at 15:14 -0400, Viktor Dukhovni wrote:
> As a safety measure, OpenSSL does not support "*.tld" wildcards.
> The non-wildcard portion of the domain name needs to have at
> least two labels. It seems I've neglected to document this... :-(
> You can have "*.domain.example", but not "*.domain".

I see, thanks, that's good info. We will try to figure out how to
modify our Docker-based test configuration to use a multi-label domain
name for its private network.

I'm not sure how or if that will impact users, outside of our test

Is this something controlled by an option for X509_check_host() or is
it just hardcoded and can't be modified? I didn't see any options in
the docs that seem to manage that, unless it's a side-effect.
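
The wildcard rule quoted above, as a simplified stand-alone model in C (an added example, not part of the original message and not OpenSSL's own code). The helper names are hypothetical, the host names are constructed, and the model assumes the wildcard stands for exactly one left-most label.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Count dot-separated labels: "domain.example" -> 2, "domain" -> 1. */
static int count_labels(const char *name)
{
    int n = (*name != '\0');
    for (; *name; name++)
        if (*name == '.' && name[1] != '\0')
            n++;
    return n;
}

/* Rule from the thread: a "*." wildcard is usable only when the
 * non-wildcard remainder has at least two labels. */
int wildcard_usable(const char *pattern)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return 0;
    return count_labels(pattern + 2) >= 2;
}

/* Returns 1 if host matches pattern under this model, else 0.
 * Assumption: the wildcard covers exactly one left-most label. */
int model_match(const char *pattern, const char *host)
{
    const char *dot;
    if (pattern[0] != '*')
        return strcasecmp(pattern, host) == 0;   /* plain name */
    if (!wildcard_usable(pattern))
        return 0;                                /* e.g. "*.domain" */
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;                                /* no first label */
    return strcasecmp(pattern + 1, dot) == 0;    /* compare the rest */
}

int main(void)
{
    /* Constructed names: certificate pattern, then host being checked. */
    const char *cases[][2] = {
        { "*.domain.example", "db.domain.example" },
        { "*.domain",         "db.domain" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-18s vs %-18s -> %s\n", cases[i][0], cases[i][1],
               model_match(cases[i][0], cases[i][1]) ? "match" : "no match");
    return 0;
}
```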