[Psi-Devel] wildcard certificate matching
Justin Karneges
justin-psi2 at affinix.com
Tue Mar 4 12:32:09 PST 2008
On Tuesday 04 March 2008 9:14 am, Justin Karneges wrote:
> On Tuesday 04 March 2008 6:28 am, Jesse Thompson wrote:
> > Given the following wildcard certificate:
> >
> > Common name: domain.tld, *.domain.tld
> > Domain name: *.domain.tld, domain.tld
> > XMPP name: domain.tld
> >
> > Should the certificate match all of the following JID domains?
> >
> > domain.tld
> > foo.domain.tld
> > bar.domain.tld
> >
> > Psi doesn't allow sub.domain.tld. So my question is whether this is a
> > bug with Psi, or if the certificate isn't being issued correctly (the
> > XMPP ICA in this case.)
>
> Hmm, it could be a Psi bug. Can you share the actual certificate?
It looks like wildcard matching in QCA is broken. :(
I've fixed this now in QCA SVN, and I've put a copy of the matching code into
Psi SVN so that Psi works correctly without needing a QCA upgrade.
You should see this fixed in 0.12 then.
-Justin
More information about the Psi-Devel
mailing list