[
https://issues.apache.org/jira/browse/TS-1135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13233194#comment-13233194
]
James Peach commented on TS-1135:
---------------------------------
RFC 6125 discusses how clients should match wildcard certs.
I'm going to implement matching for the leftmost wildcard only, i.e. *.foo.org,
*.bar.foo.org. Wildcard names like f*bar.org will not be supported and I'll see
whether I can reject these when we load them.
> support wildcard certificates for ServerNameIndication (SNI)
> ------------------------------------------------------------
>
> Key: TS-1135
> URL: https://issues.apache.org/jira/browse/TS-1135
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
> Reporter: James Peach
> Assignee: James Peach
>
> The ServerNameIndication support added in TS-472 doesn't handle wildcard
> certificates. We need to add certificate parsing support to detect wildcard
> certificates and then (if there is not an exact match) choose the certificate
> with the longest wildcard match.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
