Author christian.heimes
Recipients alex, benjamin.peterson, christian.heimes, dstufft, ned.deily, pitrou, rhettinger
Date 2017-04-02.18:06:40
Message-id <1491156400.24.0.723098905876.issue23033@psf.upfronthosting.co.za>
Content
Ned, Benjamin,

are you ok with a backport to 2.7 and 3.6? Substring (aka partial) matching of wildcards is a MAY feature according to RFC 6125 https://tools.ietf.org/html/rfc6125#section-6.4.3 . They are a violation of CA/B Forum's baseline requirements, so no publicly trusted cert may contain a CN or SAN entry with a partial wildcard. Several libraries and languages do not implement the feature either. Improper wildcard matching caused a bunch of security issues and CVEs in Python.
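To make the distinction in the message above concrete, here is an added example (not part of the original message and not CPython's `ssl.match_hostname` code) of a dNSName matcher that accepts a wildcard only as the complete left-most label, with the RFC 6125 section 6.4.3 partial-wildcard behaviour behind an opt-in flag. The names `classify_pattern`, `match_dnsname` and `allow_partial` are hypothetical, and the sample names are the ones RFC 6125 uses.

```python
# Added illustration: strict vs. partial wildcard matching of a certificate
# dNSName against a hostname. Function names are hypothetical.

def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.lower().rstrip(".").split(".")

def classify_pattern(pattern):
    """Return 'exact', 'full-wildcard', 'partial-wildcard' or 'invalid'."""
    labels = _labels(pattern)
    if "*" not in pattern:
        return "exact"
    # A wildcard is only acceptable once, and only in the left-most label.
    if any("*" in label for label in labels[1:]) or labels[0].count("*") != 1:
        return "invalid"
    return "full-wildcard" if labels[0] == "*" else "partial-wildcard"

def match_dnsname(pattern, hostname, allow_partial=False):
    """Match one presented identifier; partial wildcards are rejected by default."""
    kind = classify_pattern(pattern)
    if kind == "invalid" or (kind == "partial-wildcard" and not allow_partial):
        return False
    p, h = _labels(pattern), _labels(hostname)
    # The wildcard stands for exactly one label, so label counts must agree
    # and every label to the right of the first must match literally.
    if len(p) != len(h) or p[1:] != h[1:] or not h[0]:
        return False
    if kind == "exact":
        return p[0] == h[0]
    if kind == "full-wildcard":
        return True
    # Optional (MAY) behaviour: "b*z" matches a label starting "b", ending "z".
    prefix, suffix = p[0].split("*")
    return (len(h[0]) >= len(prefix) + len(suffix)
            and h[0].startswith(prefix) and h[0].endswith(suffix))

if __name__ == "__main__":
    # Constructed sample pairs, using the example names from RFC 6125.
    samples = [
        ("*.example.net", "foo.example.net"),
        ("*.example.net", "a.b.example.net"),
        ("baz*.example.net", "baz1.example.net"),
        ("b*z.example.net", "buzz.example.net"),
        ("bar.*.example.net", "bar.foo.example.net"),
    ]
    for pattern, host in samples:
        print(pattern, host, classify_pattern(pattern),
              match_dnsname(pattern, host),
              match_dnsname(pattern, host, allow_partial=True))
```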