Closed
Bug 1107791
Opened 10 years ago
Closed 10 years ago
Limit wildcard DNS ID support to names of the form *.example.com (not foo*.example.com)
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla37
People
(Reporter: briansmith, Assigned: briansmith)
References
Details
(Keywords: dev-doc-complete, site-compat)
Attachments
(1 file)
11.28 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
I've never seen a cert with a name of the form foo*.example.com, but mozilla::pkix supports that name form. RFC 6125 says such names are valid, but it also says that *foo.example.com and foo*bar.example.com are valid, and we already chose not to support them. Now, Chromium is limiting its support for wildcards to the *.example.com form. This change is consistent with what they are doing.
Attachment #8532350 -
Flags: review?(dkeeler)
Comment on attachment 8532350 [details] [diff] [review] remove-unusual-wildcard-support.patch Review of attachment 8532350 [details] [diff] [review]: ----------------------------------------------------------------- Great - r=me with nit addressed. ::: security/pkix/lib/pkixnames.cpp @@ +1578,5 @@ > + if (rv != Success) { > + assert(false); > + return false; > + } > + nit: trailing whitespace
Attachment #8532350 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 2•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/4530482cc605
Comment 3•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/4530482cc605
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Comment 4•9 years ago
|
||
Added to the compat doc: https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility
Keywords: dev-doc-complete,
site-compat
Depends on: 1125261
You need to log in
before you can comment on or make changes to this bug.
Description
•