John Nagle schrieb:
Question: Is a certificate for "*.example.com" considered valid for "example.com"?IIRC OpenSSL does not accept wildcards at all in s_client. The library itself does not make any decision wether a name in a certificate matches the (host-)name the application tried to connect to.OpenSSL seems to say no, but Firefox 2 says yes. Try "https://stanford.edu"; for a test.
Browsers seem to handle wildcards differently, see http://wiki.cacert.org/wiki/WildcardCertificates for some compiled information about the topic.
Hope it helps. Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
