Comment 24 for bug 376484

In , Mozbug1 (mozbug1) wrote:

While reading RFC 2595:

    A "*" wildcard character MAY be used as the left-most name
    component in the certificate. For example, *.example.com would
    match a.example.com, foo.example.com, etc. but would not match
    example.com.

And in RFC 2818:

    Names may contain the wildcard
    character * which is considered to match any single domain name
    component or component fragment.

So *.*.example.com should work according to 2818 but not 2595. But 2818 is "HTTP Over TLS" and 2595 is "Using TLS with IMAP, POP3 and ACAP", and since Firefox is a web browser and not an email client I think it should follow 2818. Furthermore, the wording in 2595 seems to have been intended to ensure that wildcards were leftmost, and to disallow cases like example.*. It seems to me just sloppy wording on the part of the author that disallowed *.*.example.com.

(In reply to comment #20)
> (In reply to comment #17)
> > Created an attachment (id=288138) [details]
> > Test program (for illustration purposes only)
> <snip>
> > *.*.example.com does not match hostname foo.bar.example.com
>
> *.*.example.com does *should* match foo.bar.example.com. My company uses a
> *.* certificate and this would break our website in firefox.
>
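As an added illustration that is not part of the bug comment or of Firefox's code, the two RFC readings the comment contrasts are written here as hostname matchers, so the different outcome for *.*.example.com is visible; the function names and the sample hostnames are constructed for this example.

```python
import re


def _split(pattern: str, hostname: str):
    # Matching is case-insensitive; both names are compared label by label.
    return pattern.lower().split("."), hostname.lower().split(".")


def matches_rfc2595(pattern: str, hostname: str) -> bool:
    """RFC 2595 reading: a lone '*' is allowed only as the left-most label and
    stands for exactly one label; every other label must match literally."""
    p_labels, h_labels = _split(pattern, hostname)
    if len(p_labels) != len(h_labels):
        return False  # '*' never absorbs extra labels, so example.com fails
    for i, (p, h) in enumerate(zip(p_labels, h_labels)):
        if p == "*":
            if i != 0:
                return False  # wildcard in a non-left-most label (*.*.example.com)
        elif "*" in p or p != h:
            return False  # partial wildcards (f*.example.com) are not allowed
    return True


def matches_rfc2818(pattern: str, hostname: str) -> bool:
    """RFC 2818 reading: '*' may appear in any label and matches any single
    label or fragment of a label, so *.*.example.com and f*.example.com both
    match. It still never matches across a dot."""
    p_labels, h_labels = _split(pattern, hostname)
    if len(p_labels) != len(h_labels):
        return False
    for p, h in zip(p_labels, h_labels):
        # Turn the label into a regex: literal text, with '*' -> '[^.]*'.
        label_re = "^" + "[^.]*".join(re.escape(part) for part in p.split("*")) + "$"
        if re.match(label_re, h) is None:
            return False
    return True


def compare(pattern: str, hostname: str) -> dict:
    """Return how each RFC's wording treats one (certificate name, hostname) pair."""
    return {"rfc2595": matches_rfc2595(pattern, hostname),
            "rfc2818": matches_rfc2818(pattern, hostname)}


if __name__ == "__main__":
    # Constructed pairs built from the names discussed in the comment.
    for pat, host in [("*.example.com", "a.example.com"),
                      ("*.example.com", "example.com"),
                      ("*.*.example.com", "foo.bar.example.com"),
                      ("example.*", "example.com")]:
        print(f"{pat:18} vs {host:22} -> {compare(pat, host)}")
```

Note that the literal RFC 2818 reading also accepts example.*, which the comment itself points out 2595 was meant to forbid; later guidance in RFC 6125 limits the wildcard to the left-most label, which is the rule current browsers follow.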