Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard handling.
RFC 2818 deprecates these esoteric forms, thus RFC 6125 documents them,
but they should never appear in a publicly trusted certificate, and
are dang weird for internal certificates.
Instead, require that the wildcard
- Appear ONLY in the left-most label of a presented name. This is
existing behaviour.
- Appear as the ONLY character in the label (e.g. it is the full
label). This is the new behaviour.
BUG=434960
R=davidben@chromium.org
Review URL: https://codereview.chromium.org/762013002
Cr-Commit-Position: refs/heads/master@{#306603}
2 files changed