I submitted a PR to implement this since we're looking to use certificates with partial wildcards and it seems that other common tools/libraries implement this too. For example:
Thank you for the effort, but this isn't something that we would want to support I'm afraid.
We (being the wider PKI community) have worked hard to define and constrain wildcards, which were fairly wild (excuse the pun) for a long time, because differences in interpretations of wildcards between systems are dangerous.
Now wildcards are defined in the Baseline[1] as "A Domain Name consisting of a single asterisk character followed by a single full stop character (“*.”) followed by a Fully-Qualified Domain Name.". That's the complete definition that clients should support.
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
What did you do?
Tried validating a certificate that uses partial wildcards (eg. foo*.example.com) against a hostname (eg. foobar.example.com).
What did you expect to see?
The hostname/SubjectAltName validation should succeed.
What did you see instead?
The validation fails because the optional RFC 6125, section 6.4.3, rule 3 is not implemented.
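The behaviour reported above can be reproduced without a real certificate. The following is an added example, not code from the issue, the PR or the Go project: it compares `crypto/x509`'s `VerifyHostname` with a hypothetical `partialAccepts` matcher for the optional RFC 6125 rule and lists the names on which the two interpretations disagree. The patterns and hostnames are constructed, and treating `*` as matching at least one character is an assumption.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"strings"
)

// stdlibAccepts: does crypto/x509 match host against a lone SAN dNSName pattern?
func stdlibAccepts(pattern, host string) bool {
	cert := &x509.Certificate{DNSNames: []string{pattern}} // constructed, in-memory
	return cert.VerifyHostname(host) == nil
}

// partialAccepts is a hypothetical matcher for RFC 6125 6.4.3 rule 3: one "*"
// anywhere in the left-most label. Assumption: "*" needs at least one character.
func partialAccepts(pattern, host string) bool {
	pLabel, pRest, ok1 := strings.Cut(strings.ToLower(pattern), ".")
	hLabel, hRest, ok2 := strings.Cut(strings.ToLower(host), ".")
	if !ok1 || !ok2 || pRest != hRest {
		return false // every label after the first must match exactly
	}
	prefix, suffix, wild := strings.Cut(pLabel, "*")
	if !wild {
		return pLabel == hLabel
	}
	return !strings.Contains(suffix, "*") && len(hLabel) > len(prefix)+len(suffix) &&
		strings.HasPrefix(hLabel, prefix) && strings.HasSuffix(hLabel, suffix)
}

// cases are constructed (pattern, host) pairs.
var cases = [][2]string{
	{"*.example.com", "foobar.example.com"},
	{"*.example.com", "a.b.example.com"},
	{"foo*.example.com", "foobar.example.com"},
	{"f*r.example.com", "foobar.example.com"},
}

// disagree returns the pairs one interpretation trusts and the other rejects.
func disagree(in [][2]string) (out []string) {
	for _, c := range in {
		if stdlibAccepts(c[0], c[1]) != partialAccepts(c[0], c[1]) {
			out = append(out, c[0]+" vs "+c[1])
		}
	}
	return out
}

func main() { fmt.Println("disagree:", disagree(cases)) }
```

Every pair returned by `disagree` is a certificate name that one client would trust and another would reject, which is the interoperability gap the thread is arguing about.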