CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/04/13 11:04:23
Modified files:
lib/libcrypto/x509: x509_constraints.c x509_internal.h
regress/lib/libcrypto/x509: constraints.c
Log message:
Prior to this we substring matched and allowed a leading .
on a SAN DNSname constraint. This is not correct, as with
a DNSname constraint, it may exacly match or match zero or
more additional components on the front of the candidte to
match.
Spotted by Haruto Kimura <[email protected]>
ok tb@ kenjiro@
