[
https://issues.apache.org/jira/browse/TS-4480?focusedWorklogId=28946&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-28946
]
ASF GitHub Bot logged work on TS-4480:
--------------------------------------
Author: ASF GitHub Bot
Created on: 13/Sep/16 15:24
Start Date: 13/Sep/16 15:24
Worklog Time Spent: 10m
Work Description: Github user SolidWallOfCode commented on a diff in the
pull request:
https://github.com/apache/trafficserver/pull/992#discussion_r78582673
--- Diff: iocore/net/SSLCertLookup.cc ---
@@ -346,48 +349,30 @@ int
SSLContextStorage::insert(const char *name, int idx)
{
ats_wildcard_matcher wildcard;
- bool inserted = false;
+ InkHashTableValue value;
+ char lower_case_name[TS_MAX_HOST_NAME_LEN + 1];
--- End diff --
Any reason to not just lower case `name` immediately?
Issue Time Tracking
-------------------
Worklog Id: (was: 28946)
Time Spent: 1h 20m (was: 1h 10m)
> Wildcards in certificates should only match one level
> -----------------------------------------------------
>
> Key: TS-4480
> URL: https://issues.apache.org/jira/browse/TS-4480
> Project: Traffic Server
> Issue Type: Bug
> Components: Core, SSL
> Reporter: Michael Sokolnicki
> Assignee: Susan Hinrichs
> Fix For: 7.0.0
>
> Attachments: current_patch.diff
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> According to RFC 6125 section 6.4.3:
> {quote}
> If the wildcard character is the only character of the left-most label in the
> presented identifier, the client SHOULD NOT compare against anything but the
> left-most label of the reference identifier (e.g., *.example.com would match
> foo.example.com but not bar.foo.example.com or example.com).
> {quote}
> In the current implementation, certificates are searched for in a trie, and
> the longest match is returned, but there is no check if that match complies
> with the above rule. This causes invalid certs to be returned and SLL errors
> in the browser (in Firefox, we get SSL_ERROR_BAD_CERT_DOMAIN).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
