You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The standard library package crypto/x509 is built for the WebPKI, and the Baseline Requirements disallow partial wildcards. Browsers behave similarly. Also, the RFC specifies that a client MAY match partial wildcards, so we are not breaking the spec.
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version
)?go version go1.9.5 linux/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/go"
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build007879267=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
What did you do?
trying to match certificate test*.foo.com with host testabc.foo.com
What did you expect to see?
Expecting the host will match the certificate identifier. This is valid according to the RFC https://tools.ietf.org/html/rfc6125#section-6.4.3 where the client can validate this.
What did you see instead?
x509: certificate is valid for test*.foo.com, not testabc.foo.com
The text was updated successfully, but these errors were encountered: