On Thu, Jul 03, 2014 at 08:34:16PM +0200, Jakob Bohm wrote:
> >>For X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS:
> >>Is that the "leftmost" rule? I.e., a wildcard must be at the leftmost label?
> >
> >No, it is exactly what is described. When the bit is clear such partial
> >wildcards are allowed.
>
>
On Thu, Jul 3, 2014 at 3:35 PM, Viktor Dukhovni
wrote:
> On Thu, Jul 03, 2014 at 12:28:20PM -0400, Jeffrey Walton wrote:
> ...
>> Does the entire RFC 6125 apply for hostname matching? If so, two points:
>>
>> (1) X509_check_host(3)'s description only references tRFC 6125
>> for IDNs p
On Thu, Jul 03, 2014 at 12:28:20PM -0400, Jeffrey Walton wrote:
> Right, but what is the baseline behavior with (and without) wild cards
> in a certificate's DNS name?
The opposite of each flag bit. Wildcards are supported, match only
in the left-most label, but may match a part of that label wi
On 7/3/2014 1:22 PM, Viktor Dukhovni wrote:
On Thu, Jul 03, 2014 at 12:35:23AM -0400, Jeffrey Walton wrote:
I guess what I am asking: what is the default behavior. Its not clear
from the basic description.
For each flag bit, the opposite behaviour to that obtained by
setting the bit is the d
Hi Viktor,
Great work on the API.
I have a few additional questions. My apologies if you are on the
beach enjoying yourself.
>> I guess what I am asking: what is the default behavior. Its not clear
>> from the basic description.
>
> For each flag bit, the opposite behaviour to that obtained by
>
On Thu, Jul 03, 2014 at 12:35:23AM -0400, Jeffrey Walton wrote:
>
> I guess what I am asking: what is the default behavior. Its not clear
> from the basic description.
For each flag bit, the opposite behaviour to that obtained by
setting the bit is the default when the bit is zero.
> *
> Fo
