194285 - wildcards in ssl certificate are not being handled according to rfc 2818

Status: RESOLVED DUPLICATE of bug 159483

(NSS :: Libraries, defect, P3)

Description

[mozbug1]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021130

According to rfc 2818:
Names may contain the wildcard
   character * which is considered to match any single domain name
   component or component fragment. E.g., *.a.com matches foo.a.com but
   not bar.foo.a.com. f*.com matches foo.com but not bar.com.

If you go to https://a.foo.bar.d1.selectacast.net/ mozilla does not complain
about a hostname mismatch, even though the CN is good only for
*.*.d1.selectacast.net

Reproducible: Always

Steps to Reproduce:
1. Go to https://a.foo.bar.d1.selectacast.net/





I may change this certificate soon, so it may break the example.

Comment 1

[Kai Engert (:KaiE:)]

The certificate wildcard processing is not done by PSM, but by NSS.
Over to NSS for investigation.

Comment 2

[Wan-Teh Chang]

Nelson, could you take a look at this?  We should evaluate
whether anyone may possibly depend on this bug.

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

Bug 159483 is intended to address all the differences beween NSS and RFC 2818.
I will add more comments to that bug shortly.

*** This bug has been marked as a duplicate of 159483 ***