On Tue, Aug 11, 2015 at 06:53:29PM +0000, Sekwon Choi via RT wrote:
> When we want to perform a host verification using openssl's APIs that use
> X509_check_host, host URL that includes specific characters such as '_' or
> '~' will be failing when CN from the certificate contains wildcard
> character.
>
> The reason is that, wildcard_match function in
> openssl-version/crypto/x509v3/v3_utils.c is not handling '_' and '~' while
> those are allowed character for URL.

It's checking the hostname, not the URL. _ and ~ are not allowed in DNS and so not in a hostname.

It looks to me that you're trying to validate a URL instead of a hostname. I don't know of any standard that allows you to put a URL in a certificate and it also doesn't make much sense.

Kurt
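
The hostname/URL distinction made in the reply above, as an added example that is not part of the original thread or of OpenSSL: a caller that starts from a URL extracts the host component and checks it against the letters-digits-hyphen hostname rule before handing it to X509_check_host. The function names `url_host`, `is_ldh_hostname` and `host_for_cert_check` are hypothetical, the hostname rule is assumed to be the RFC 952/1123 one, and bracketed IPv6 literals are out of scope.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Copy the host part of scheme://[userinfo@]host[:port][/path] into out.
 * Returns 0 on success, -1 if the host is empty or does not fit. */
int url_host(const char *url, char *out, size_t outlen)
{
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;                    /* skip the scheme if present */
    size_t auth = strcspn(p, "/?#");        /* authority ends at path, query or fragment */
    const char *at = memchr(p, '@', auth);  /* drop userinfo */
    if (at) { auth -= (size_t)(at + 1 - p); p = at + 1; }
    const char *colon = memchr(p, ':', auth);
    size_t n = colon ? (size_t)(colon - p) : auth;  /* drop the port */
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* 1 if name consists of labels of 1..63 letters, digits or '-', none starting
 * or ending with '-', and is at most 253 bytes long; 0 otherwise. */
int is_ldh_hostname(const char *name)
{
    size_t len = strlen(name), label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-') return 0;
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (c == '-' && label == 0) return 0;
            if (++label > 63) return 0;
        } else {
            return 0;  /* '_', '~', '/', ':' and so on are URL characters, not hostname ones */
        }
    }
    return label > 0 && name[len - 1] != '-';
}

/* Returns 0 and fills host when it can be passed on as
 * X509_check_host(cert, host, strlen(host), 0, NULL); -1 otherwise. */
int host_for_cert_check(const char *url, char *host, size_t hostlen)
{
    if (url_host(url, host, hostlen) != 0) return -1;
    return is_ldh_hostname(host) ? 0 : -1;
}
```

With this split, '_' and '~' in the path or query never reach the certificate check, and a host that itself contains them is rejected before any wildcard matching happens.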
