Closed Bug 1107791 Opened 11 years ago Closed 11 years ago

Limit wildcard DNS ID support to names of the form *.example.com (not foo*.example.com)

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla37

People

(Reporter: briansmith, Assigned: briansmith)

Details

(Keywords: dev-doc-complete, site-compat)

Attachments

(1 file)

I've never seen a cert with a name of the form foo*.example.com, but mozilla::pkix supports that name form. RFC 6125 says such names are valid, but it also says that *foo.example.com and foo*bar.example.com are valid, and we already chose not to support them. Now, Chromium is limiting its support for wildcards to the *.example.com form. This change is consistent with what they are doing.
Attachment #8532350 - Flags: review?(dkeeler)
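The wildcard restriction described in the comment above, as an added example that is not part of the bug or of the mozilla::pkix patch. The names `WildcardForm`, `ClassifyWildcard` and `PresentedIdMatches` are hypothetical, the sample names are constructed, and the sketch assumes the wildcard stands for exactly one label; it covers only the wildcard-position rule, not the other name checks a real verifier performs.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical names for illustration; this is not mozilla::pkix's API.
enum class WildcardForm { None, LeftmostLabelOnly, Unsupported };

// Classify where '*' appears in a presented DNS ID (a dNSName from the cert).
WildcardForm ClassifyWildcard(const std::string& presented) {
  if (presented.find('*') == std::string::npos) return WildcardForm::None;
  // Accept only "*." followed by a non-empty remainder with no further '*'.
  if (presented.size() > 2 && presented[0] == '*' && presented[1] == '.' &&
      presented.find('*', 1) == std::string::npos) {
    return WildcardForm::LeftmostLabelOnly;
  }
  // foo*.example.com, *foo.example.com, foo*bar.example.com, *.*.example.com
  return WildcardForm::Unsupported;
}

static bool EqualsIgnoreCase(const std::string& a, const std::string& b) {
  if (a.size() != b.size()) return false;
  for (std::string::size_type i = 0; i < a.size(); ++i) {
    if (std::tolower(static_cast<unsigned char>(a[i])) !=
        std::tolower(static_cast<unsigned char>(b[i]))) return false;
  }
  return true;
}

// Assumption of this example: '*' stands for exactly one non-empty label.
bool PresentedIdMatches(const std::string& presented,
                        const std::string& reference) {
  switch (ClassifyWildcard(presented)) {
    case WildcardForm::None: return EqualsIgnoreCase(presented, reference);
    case WildcardForm::Unsupported: return false;  // fail closed
    case WildcardForm::LeftmostLabelOnly: break;
  }
  const std::string::size_type dot = reference.find('.');
  if (dot == std::string::npos || dot == 0) return false;
  return EqualsIgnoreCase(presented.substr(1), reference.substr(dot));
}

int main() {
  // Constructed sample names, matched against a constructed hostname.
  for (const char* id : {"*.example.com", "foo*.example.com",
                         "*foo.example.com", "foo*bar.example.com"}) {
    std::cout << id << " -> "
              << PresentedIdMatches(id, "foobar.example.com") << "\n";
  }
}
```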
Comment on attachment 8532350 [details] [diff] [review] remove-unusual-wildcard-support.patch Review of attachment 8532350 [details] [diff] [review]: ----------------------------------------------------------------- Great - r=me with nit addressed. ::: security/pkix/lib/pkixnames.cpp @@ +1578,5 @@ > + if (rv != Success) { > + assert(false); > + return false; > + } > + nit: trailing whitespace
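Review bot: in the `rv != Success` branch at +1578, the `assert(false)` only fires in debug builds if this is the standard assert macro, so release builds depend on the `return false` alone. A one-line comment saying why this result is not expected to fail would make it clear that the fail-closed return is intentional and must stay if the assert is ever removed.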
Attachment #8532350 - Flags: review?(dkeeler) → review+
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Depends on: 1125261
Depends on: 1155821