Re: Openssl s_client verify_ip usage on ip wildcard matching

On Fri, Mar 11, 2022 at 04:40:24PM -0800, Edward Tsang via openssl-users wrote:

> Does verify_ip support leftmost wildcard?

I am not aware of any RFC specifying wildcard matching in iPAddress
X.509 SANs, and no such feature is implemented in OpenSSL.

The SAN syntax is raw binary data in network byte order with 4 bytes for
IPv4 and 16 bytes for IPv6, with no place to signal a wildcard:

    https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6

IP address SANs in certificates must match exactly.

-- 
    Viktor.
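
The following is an added example, not part of the message above and not OpenSSL's code: it parses the iPAddress entries of a DER-encoded subjectAltName value and compares them byte for byte with a reference address, which shows why a wildcard has nowhere to live in the encoding. The helper names and the sample SAN (built from documentation addresses) are constructed for illustration.

```python
import ipaddress

# Context-specific GeneralName tags (RFC 5280 section 4.2.1.6)
TAG_DNS_NAME = 0x82     # [2] IA5String
TAG_IP_ADDRESS = 0x87   # [7] OCTET STRING

def read_tlv(buf, pos):
    """Read one DER TLV (short or long-form length); return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def san_ip_entries(san_der):
    """Return the raw iPAddress octet strings from a DER subjectAltName value."""
    tag, body, _ = read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("subjectAltName must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == TAG_IP_ADDRESS:
            if len(value) not in (4, 16):
                raise ValueError("iPAddress must be 4 or 16 octets")
            out.append(value)
    return out

def ip_matches(san_der, reference):
    """Exact match of a reference IP against the iPAddress SAN entries."""
    ref = ipaddress.ip_address(reference).packed  # ValueError for "*.0.2.10"
    return any(ref == entry for entry in san_ip_entries(san_der))

def build_san(*entries):
    """Constructed sample input: encode (tag, bytes) pairs as a SAN SEQUENCE."""
    body = b"".join(bytes([t, len(v)]) + v for t, v in entries)
    return bytes([0x30, len(body)]) + body

SAMPLE_SAN = build_san(
    (TAG_DNS_NAME, b"*.example.test"),
    (TAG_IP_ADDRESS, ipaddress.ip_address("192.0.2.10").packed),
    (TAG_IP_ADDRESS, ipaddress.ip_address("2001:db8::1").packed),
)
```

The wildcard in the dNSName entry is text in a different GeneralName type and has no effect on the IP comparison; a reference such as `*.0.2.10` cannot even be converted to the 4-byte form.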


