http://www.ietf.org/rfc/rfc2818.txt states the following:
Matching is performed using the matching rules specified by
[RFC2459]. If more than one identity of a given type is present in
the certificate (e.g., more than one dNSName name, a match in any one
of the set is considered acceptable.) Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but
not bar.foo.a.com. f*.com matches foo.com but not bar.com.
Firefox accepts a *.foo.com certificate for the domain baz.bar.foo.com even though it shouldn't do that. Tested with a new DigiCert wildcard certificate, and it seems like IE handles this situation correctly.
Binary package hint: mozilla-firefox
firefox 3.0.10+nobinonly-0ubuntu0.9.04.1
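The RFC 2818 rule quoted in this report, written out as an added example (not part of the original report and not Firefox's or NSS's code): a per-label matcher in which `*` never crosses a dot, next to a loose matcher in which it does. The function names are hypothetical, and requiring `*` to stand for at least one character is an assumption the RFC text does not settle.

```python
from fnmatch import fnmatchcase


def _norm(name: str) -> str:
    """DNS names compare case-insensitively; drop one trailing root dot."""
    name = name.lower()
    return name[:-1] if name.endswith(".") else name


def label_matches(pattern: str, label: str) -> bool:
    """Match a single DNS label against a pattern label with at most one '*'."""
    if "*" not in pattern:
        return pattern == label
    if pattern.count("*") > 1:
        return False
    prefix, suffix = pattern.split("*")
    # Assumption: '*' must stand for at least one character of the label.
    return (len(label) > len(prefix) + len(suffix)
            and label.startswith(prefix) and label.endswith(suffix))


def rfc2818_match(pattern: str, hostname: str) -> bool:
    """'*' matches one component or component fragment, never a dot."""
    p_labels = _norm(pattern).split(".")
    h_labels = _norm(hostname).split(".")
    # The label counts must be equal, so '*.foo.com' can never cover
    # 'baz.bar.foo.com' (one label too many) or 'foo.com' (one too few).
    if len(p_labels) != len(h_labels) or "" in p_labels or "" in h_labels:
        return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def loose_match(pattern: str, hostname: str) -> bool:
    """Shell-style glob where '*' also spans dots: the over-broad behaviour."""
    return fnmatchcase(_norm(hostname), _norm(pattern))


if __name__ == "__main__":
    # Constructed cases: the RFC's own examples plus the one from this report.
    cases = [("*.a.com", "foo.a.com"), ("*.a.com", "bar.foo.a.com"),
             ("f*.com", "foo.com"), ("f*.com", "bar.com"),
             ("*.foo.com", "baz.bar.foo.com")]
    for pat, host in cases:
        print(f"{pat:10} {host:16} rfc2818={rfc2818_match(pat, host)!s:5} "
              f"loose={loose_match(pat, host)}")
```

The two matchers disagree only where the wildcard would have to cover more than one label, which is the case this report describes.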