[Psi-Devel] wildcard certificate matching
Jesse Thompson
jesse.thompson at doit.wisc.edu
Tue Mar 4 12:58:45 PST 2008
Jesse Thompson wrote:
> Justin Karneges wrote:
>> On Tuesday 04 March 2008 9:14 am, Justin Karneges wrote:
>>> On Tuesday 04 March 2008 6:28 am, Jesse Thompson wrote:
>>>> Given the following wildcard certificate:
>>>>
>>>> Common name: domain.tld, *.domain.tld
>>>> Domain name: *.domain.tld, domain.tld
>>>> XMPP name: domain.tld
>>>>
>>>> Should the certificate match all of the following JID domains?
>>>>
>>>> domain.tld
>>>> foo.domain.tld
>>>> bar.domain.tld
>>>>
>>>> Psi doesn't allow sub.domain.tld. So my question is whether this is a
>>>> bug with Psi, or if the certificate isn't being issued correctly (the
>>>> XMPP ICA in this case.)
>>> Hmm, it could be a Psi bug. Can you share the actual certificate?
>>
>> It looks like wildcard matching in QCA is broken. :(
>>
>> I've fixed this now in QCA SVN, and I've put a copy of the matching
>> code into Psi SVN so that Psi works correctly without needing a QCA
>> upgrade.
>>
>> You should see this fixed in 0.12 then.
>
> Thanks Justin! I'll grab psi-svn, recompile and test.
Confirmed. Thanks again!
Jesse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.affinix.com/pipermail/psi-devel-affinix.com/attachments/20080304/d80d9e77/attachment.bin
More information about the Psi-Devel
mailing list