Re: IXWebSocket wss c++ client cannot connect to Node.js wss server using an ip address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Feb 16, 2023 at 01:21:56PM -0500, Pierre-Luc Boily wrote:

> In the book of Ivan Ristic (Bullet Proof TLS and PKI), chapter 12,
> section *Creating Certificates for Multiple Hostnames*, the author
> uses a wildcard in the SAN (*.feistyduck.com).
> 
> So, if the SAN has *.feistyduck.com and feistyduck.com, what will be
> accepted with the above flag?
> 
> 1. www.feistyduck.com ?
> 4. feistyduck.com ?

Yes, regardless of the flag value.

> 2. www.sub.feistyduck.com ?
> 3. www.sub.sub2.feistyduck.com ?

No, regardless of the flag value.

The documentation reads:

   If set, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS suppresses support for
   "*" as wildcard pattern in labels that have a prefix or suffix, such
   as: "www*" or "*www"; this only applies to X509_check_host.

did you read the documentation?  Which part was unclear?

-- 
    Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux