On Fri, Jun 18, 2004 at 06:14:41AM -0700, Lev Walkin wrote:
> Gisle Vanem wrote:
> >"Lev Walkin" <[EMAIL PROTECTED]> said:
> >
> >>>No, fnmatch() is fairly portable across Unixes though.
> >>
> >>Please note that fnmatch() use is against RFC2818.
> >
> >Please explain why.
>
> Because "*.domain.com" shouldn't match "abc.def.ghi.domain.com"
> per RFC2818#3.1, as it does with fnmatch().

Good point. I didn't really mean to advocate use of fnmatch; in my own code I simply check for a leading "*." matching any leading component in the hostname which is safe and seems to be sufficient for most deployed certs.

joe
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
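
The difference discussed in this thread, as an added example that is not code from any poster or from OpenSSL: fnmatch() lets "*" span dots, while a leading "*." check confines the wildcard to one hostname label. The helper names and all host names other than "abc.def.ghi.domain.com" are constructed for illustration, and only the leading "*." form is handled.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper: 1 if host matches the certificate name pattern, else 0.
 * Only a leading "*." is a wildcard, and it stands for exactly one label.
 * Any other '*' in the pattern is compared literally. */
int wildcard_host_match(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        /* Require a non-empty leading label followed by a dot. */
        if (dot == NULL || dot == host)
            return 0;
        /* Everything after the first label must equal the pattern suffix. */
        return strcasecmp(dot + 1, pattern + 2) == 0;
    }
    /* No wildcard: case-insensitive exact comparison. */
    return strcasecmp(pattern, host) == 0;
}

/* The fnmatch()-based check, for comparison: '*' also matches '.'. */
int fnmatch_host_match(const char *pattern, const char *host)
{
    return fnmatch(pattern, host, 0) == 0;
}

int main(void)
{
    /* Constructed sample inputs; the second host is the one from the thread. */
    static const char *hosts[] = {
        "www.domain.com", "abc.def.ghi.domain.com", "domain.com", ".domain.com"
    };
    const char *pattern = "*.domain.com";
    size_t i;

    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-24s fnmatch=%d label-check=%d\n", hosts[i],
               fnmatch_host_match(pattern, hosts[i]),
               wildcard_host_match(pattern, hosts[i]));
    return 0;
}
```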