curl-users
Re: for wildcard certificates, different platforms behaving differently
Date: Wed, 11 May 2016 15:22:22 -0400
On 5/11/2016 11:44 AM, Rick Berge wrote:
>
> I’m using libcurl to connect to a site x.y.foo.net that has a wildcard
> certificate for *.foo.net.
>
> On a Win8.1 PC with libcurl identifying itself as version "7.45.0",
> ssl_version "OpenSSL/1.0.1p" I see
>
> curl: Info: Server certificate:
>
> curl: Info: subject: OU=Domain Control Validated; CN=*.foo.net
>
> curl: Info: subjectAltName does not match x.y.foo.net
>
> curl: Info: SSL: no alternative certificate subject name matches
> target host name 'x.y.foo.net'
>
> Ok, that’s about what I’d expect. * should only match a single
> hostname/domain-name component.
>
> On a 10.11 Mac with version "7.43.0", ssl_version "SecureTransport" it
> just quietly, successfully connects. Since this is my primary
> environment, I didn’t even realize there was a certificate problem.
>
> From what I can tell, I don’t see any bugs reported on this. Should
> there be? And do the other vtls adapters need checking too?
>
>
I won't be surprised if Apple tells you that is intentional. I remember
reading some browsers did it that way where *.a.com matched bar.foo.a.com.
Received on 2016-05-11
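
The two matching behaviours discussed in this thread, as an added example that is not part of the original messages and is not code from curl, OpenSSL or Secure Transport. The function names are hypothetical, and `match_multi_label` is only an assumed model of the permissive behaviour described, useful for finding names on which two TLS backends would disagree.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Single-label rule: a leading "*." stands for exactly one non-empty
 * DNS label. Returns 1 on match, 0 otherwise. */
int match_single_label(const char *pattern, const char *host)
{
    const char *dot;
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;   /* no wildcard: exact name */
    dot = strchr(host, '.');                     /* end of host's first label */
    if (dot == NULL || dot == host)
        return 0;                                /* no dot, or empty first label */
    return strcasecmp(dot, pattern + 1) == 0;    /* rest must equal ".foo.net" */
}

/* Multi-label rule (assumed model of the permissive behaviour mentioned in
 * the thread): "*" may cover one or more labels, so only the suffix counts. */
int match_multi_label(const char *pattern, const char *host)
{
    size_t hl, sl;
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;
    hl = strlen(host);
    sl = strlen(pattern + 1);
    if (hl <= sl)
        return 0;                                /* nothing left for "*" */
    return strcasecmp(host + hl - sl, pattern + 1) == 0;
}

/* 1 when the two rules disagree, i.e. a name that one verifier accepts
 * and another rejects for the same certificate. */
int rules_disagree(const char *pattern, const char *host)
{
    return match_single_label(pattern, host) != match_multi_label(pattern, host);
}

int main(void)
{
    /* Constructed sample names; only x.y.foo.net and *.foo.net are from the thread. */
    const char *hosts[] = { "y.foo.net", "x.y.foo.net", "foo.net", "y.foo.org" };
    size_t i;
    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-12s single=%d multi=%d\n", hosts[i],
               match_single_label("*.foo.net", hosts[i]),
               match_multi_label("*.foo.net", hosts[i]));
    return 0;
}
```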