Disallow support for a*.example.net, *a.example.net, and a*b.example.net in certificate wildcard handling.

RFC 2818 deprecates these esoteric forms, thus RFC 6125 documents them,
but they should never appear in a publicly trusted certificate, and
are dang weird for internal certificates.

Instead, require that the wildcard
- Appear ONLY in the left-most label of a presented name. This is
  existing behaviour.
- Appear as the ONLY character in the label (e.g. it is the full
  label). This is the new behaviour.

BUG=434960
R=davidben@chromium.org

Review URL: https://codereview.chromium.org/762013002

Cr-Commit-Position: refs/heads/master@{#306603}
2 files changed