X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS

man X509_check_host says:
       If set, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS restricts name values
       which start with ".", that would otherwise match any sub-domain in the
       peer certificate, to only match direct child sub-domains.  Thus, for
       instance, with this flag set a name of ".example.com" would match a
       peer certificate with a DNS name of "www.example.com", but would not
       match a peer certificate with a DNS name of "www.sub.example.com"; this
       flag only applies to X509_check_host.

I haven't seen the idea of ".example.com" being special in any of the RFCs I've 
been looking at.  Can somebody give me a lesson in this area?

Is there any way to turn it off totally while still allowing * type wildcards?


-- 
These are my opinions.  I hate spam.
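
Added example, not part of the original post and not OpenSSL's code: a small C model of the leading-dot behaviour described in the man page excerpt above, with and without X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS. The function name dot_name_matches and its single_label parameter are hypothetical; it handles only literal DNS names from a certificate, not "*" wildcards, and the sample names are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical model of the documented semantics, not OpenSSL's implementation.
 * ref_name     : name passed by the caller, must start with "."
 * cert_dns     : literal DNS name taken from the peer certificate
 * single_label : non-zero models X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
 * Returns 1 on match, 0 otherwise.
 */
int dot_name_matches(const char *ref_name, const char *cert_dns, int single_label)
{
    size_t rlen = strlen(ref_name);
    size_t clen = strlen(cert_dns);

    if (rlen < 2 || ref_name[0] != '.')
        return 0;               /* only leading-dot names are modelled */
    if (clen <= rlen)
        return 0;               /* "example.com" is not a sub-domain of itself */

    size_t plen = clen - rlen;  /* length of the part left of ".example.com" */

    /* The certificate name must end with the reference name (case-insensitive).
     * Because the reference name starts with ".", "badexample.com" fails here. */
    for (size_t i = 0; i < rlen; i++) {
        if (tolower((unsigned char)cert_dns[plen + i]) !=
            tolower((unsigned char)ref_name[i]))
            return 0;
    }

    /* With the flag set, the remaining prefix must be a single label. */
    if (single_label && memchr(cert_dns, '.', plen) != NULL)
        return 0;

    return 1;
}

int main(void)
{
    /* Constructed sample names. */
    const char *names[] = { "www.example.com", "www.sub.example.com",
                            "example.com", "badexample.com" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-22s default=%d single_label=%d\n", names[i],
               dot_name_matches(".example.com", names[i], 0),
               dot_name_matches(".example.com", names[i], 1));
    return 0;
}
```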