author | René Korthaus <[email protected]> | 2017-04-20 09:54:19 +0200 |
---|---|---|
committer | René Korthaus <[email protected]> | 2017-04-20 17:12:23 +0200 |
commit | 289cc25709b081cd112d47db66c4f2fbf4609583 (patch) | |
tree | fbb5cfad1fc6c94cad08ebc8bafd724a953425af /src/tests/data | |
parent | 8ee030e6d4f3b7b449aab3c1cca1a3837a5143e5 (diff) |
Complete wildcard handling for X.509 certificates
Hostname validation is used to make sure the certificate
hostname matches the hostname of the connected host.
RFC 6125 allows one wildcard in the left-most label of
a hostname. Up to now, we only supported the wildcard
as the left-most label, e.g., www.example.com would
match *.example.com, but www.example.com would not
match www*.example.com, although it is permitted.
Also adds test vectors from RFC 6125 as well as the
OpenSSL test suite.
Diffstat (limited to 'src/tests/data')
-rw-r--r-- | src/tests/data/hostnames.vec | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/src/tests/data/hostnames.vec b/src/tests/data/hostnames.vec new file mode 100644 index 000000000..91296d2d8 --- /dev/null +++ b/src/tests/data/hostnames.vec @@ -0,0 +1,66 @@ +# Test vectors derived from from RFC 6125 and OpenSSL test suite +# https://github.com/openssl/openssl/blob/master/test/v3nametest.c + +Issued = example +Hostname = example + +Issued = example.com +Hostname = example.com + +Issued = a.example.com +Hostname = a.example.com + +Issued = test.www.example.com +Hostname = test.www.example.com + +Issued = *.example.com +Hostname = foo.example.com + +Issued = baz*.example.net +Hostname = baz1.example.net + +Issued = baz*.example.net +Hostname = baz.example.net + +Issued = *baz.example.net +Hostname = foobaz.example.net + +Issued = *baz.example.net +Hostname = baz.example.net + +Issued = b*z.example.net +Hostname = buzz.example.net + +Issued = foo*bar.example.net +Hostname = foobar.example.net + +Issued = *.www.example.com +Hostname = test.www.example.com + +Issued = *www.example.com +Hostname = www.example.com + +[Invalid] +Issued = example.com +Hostname = www.example.com + +Issued = www.example.com +Hostname = example.com + +Issued = bar.*.example.net +Hostname = bar.foo.example.net + +Issued = *.example.com +Hostname = bar.foo.example.com + +Issued = *.example.com +Hostname = example.com + +Issued = foo*foo.example.com +Hostname = foo.example.com + +Issued = **.example.com +Hostname = foo.example.com + +Issued = *.*.example.com +Hostname = foo.bar.example.com |
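Review bot: the [Invalid] block has no vector for a wildcard embedded in an IDN A-label, which RFC 6125 section 6.4.3 says clients should not match, and neither block contains a mixed-case pair, so case-insensitive comparison goes untested. Consider adding constructed pairs such as `Issued = xn--*.example.com` with `Hostname = xn--caf-dma.example.com` under [Invalid], and `Issued = *.Example.COM` with `Hostname = foo.example.com` among the valid vectors. In the header comment, "derived from from" repeats a word, and the OpenSSL URL points at master, so pinning it to a specific commit would keep the reference stable.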