[Psi-Devel] wildcard certificate matching
Jesse Thompson
jesse.thompson at doit.wisc.edu
Tue Mar 4 12:38:17 PST 2008
Justin Karneges wrote:
> On Tuesday 04 March 2008 9:14 am, Justin Karneges wrote:
>> On Tuesday 04 March 2008 6:28 am, Jesse Thompson wrote:
>>> Given the following wildcard certificate:
>>>
>>> Common name: domain.tld, *.domain.tld
>>> Domain name: *.domain.tld, domain.tld
>>> XMPP name: domain.tld
>>>
>>> Should the certificate match all of the following JID domains?
>>>
>>> domain.tld
>>> foo.domain.tld
>>> bar.domain.tld
>>>
>>> Psi doesn't allow sub.domain.tld. So my question is whether this is a
>>> bug with Psi, or if the certificate isn't being issued correctly (the
>>> XMPP ICA in this case.)
>> Hmm, it could be a Psi bug. Can you share the actual certificate?
>
> It looks like wildcard matching in QCA is broken. :(
>
> I've fixed this now in QCA SVN, and I've put a copy of the matching code into
> Psi SVN so that Psi works correctly without needing a QCA upgrade.
>
> You should see this fixed in 0.12 then.
Thanks Justin! I'll grab psi-svn, recompile and test.
Jesse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.affinix.com/pipermail/psi-devel-affinix.com/attachments/20080304/f96deaa6/attachment.bin
More information about the Psi-Devel
mailing list