On Tue, Apr 19, 2022 at 10:07:15PM -0400, Viktor Dukhovni wrote:
> This is an apples/oranges dichotomy. "*" wildcards are "presented
> identifiers" in the certificate.
>
> If the documentation is not sufficiently clear (too subtle) on this
> point, would you like to suggest some text to clarify
On Tue, Apr 19, 2022 at 03:25:03PM -0700, Hal Murray wrote:
> man X509_check_host says:
>If set, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS restricts name values
>which start with ".", that would otherwise match any sub-domain in the
>peer certificate, to only match direct chi
> On 21 Jun 2020, at 1:20 pm, Dan Kegel wrote:
>
> Openssl should probably stop using generic identifiers like freefunc
> in its header files, out of sheer self-defense.
I'd long held an apparently minority opinion among OpenSSL team members
that prototypes in header files MUST NOT name any vari
man X509_check_host says:
If set, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS restricts name values
which start with ".", that would otherwise match any sub-domain in the
peer certificate, to only match direct child sub-domains. Thus, for
instance, with this flag set a na
The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 3.0.3 and 1.1.1o.
These releases will be made available on Tuesday 26th April 2022
between 1300-1700 UTC.
These are security-fix releases. The highest severity issue
fixed in these releases is MODERATE:
h
