> [openssl-dev@openssl.org - Wed Nov 07 20:23:31 2012]: > > Hi, > > the attached patch implements wildcard matching and introduces the > X509_CHECK_FLAG_NO_WILDCARDS flag to disable it if necessary. > > In addition, it implements case-insensitive comparison of host names and > email address domain parts, as required by RFC 5280. Domain names and > email addresses which contain NUL characters are now rejected, to cope > with some mis-issued certificates. > > I have also added a manual page. The test case does not have full > coverage, but it is better than nothing. >
Many thanks for the patch. I've applied it with a few minor changes. Let me know if I broke anything. > It might make sense to change the API so that 0 means success, 1 match > failure, and -1 an internal error. Right now, it is not possible to > tell match failures and internal errors apart. > Agreed. I changed it to return -1 for internal error and -2 for malformed IP address parameter. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org