Hi
I've reopened the two bugs.
The first patch was incomplete, as pointed by David and by other bug
i've found reviewing the code.
The bug pointed by David can occur in some rare cases where the CA
issues malformed certificates. It's rare, but there are may CA...
The other bug it's about wildcard certificate validation. The first
patch incorrect validates some cases. They're also rare cases of
certificates of type aaaa*.xxx.com.
Both are very rare cases, but I think they must be fixed before release.
In outline, hosts name correctly validated:
original -> 0% (no validation at all)
first patch -> ¿99%?
Never fails with valid certificates,
block majority of invalid request.
allow few rare cases which should be blocked
second patch -> 100%. I hope.
Thanks for your patience
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
