[gnutls-devel] More hostname matching goodness

Jeffrey Walton noloader at gmail.com
Sat Mar 22 04:04:13 CET 2014


Hi Gentlemen/Nikos,

Here's another that looks illegal per the RFCs and CA/B Baseline.

Create a server cert with a single SAN of "WWW.*.COM":

$ openssl x509 -in server-rsa-cert.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9008050290962543110 (0x7d0306034fad3206)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Example, LLC, CN=Example CA
        Validity
            Not Before: Jan  1 00:00:00 2014 GMT
            Not After : Jan  1 00:00:00 2024 GMT
        Subject: O=Example, LLC, CN=Example Certificate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b0:3b:86:b8:17:4e:0f:b7:d5:ff:9b:4a:16:32:
                    ...
                    aa:7a:2e:24:75:25:20:e6:5e:5c:c2:67:56:0f:14:
                    dd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:www.*.com
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Subject Key Identifier:
                B5:AF:38:82:0C:C4:32:6E:9F:F5:F1:97:83:49:26:8D:AB:CB:3C:88
            X509v3 Authority Key Identifier:
                keyid:B1:77:69:71:06:C6:25:90:28:B8:BA:49:70:A1:2F:3F:0F:32:C0:3C
        ...

Start the server:

$ openssl s_server -accept 8443 -www -certform PEM -cert
server-rsa-cert-2.pem -keyform PEM -key server-rsa-key-plain.pem -tls1
-cipher HIGH:-EDH:-DHE

Make a client request trusting the exemplary CA:

$ echo -e "GET / HTTP/1.0\r\n" | gnutls-cli --x509cafile
ca-rsa-cert.pem www.example.com --port 8443
Processed 1 CA certificate(s).
Resolving 'www.example.com'...
Connecting to '127.0.0.1:8443'...
- Certificate type: X.509
 - Got a certificate list of 1 certificates.
 - Certificate[0] info:
  - subject `O=Example\, LLC,CN=Example Certificate', issuer
`C=USO=Example\, LLC,CN=Example CA', RSA key 2048 bits, signed using
RSA-SHA256, activated `2014-01-01 00:00:00 UTC', expires `2024-01-01
00:00:00 UTC', SHA-1 fingerprint
`bc1c3a33d91dfeb60b0d6083921041f7ffd7dbfa'
- The hostname in the certificate matches 'www.example.com'.
- Peer's certificate is trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

*****

I also found a server certificate with two SANs is most useful: one
"*.COM", and one "WWW.*.COM".

I've also got a really cool "one cert to rule them all". It's got the
top levels (*.COM, *.NET, etc) and the named host variants (WWW.*.COM,
WWW.*.NET, MAIL.*.COM, MAIL.*.NET, FTP.*.COM, FTP.*.NET).

Jeffrey Walton
Baltimore, MD, US
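Added example (not GnuTLS code, written for this note): a strict dNSName matcher of the kind the RFC 6125 / CA/B rules call for, which refuses the "www.*.com" and "*.com" SANs shown in the post while still accepting a conventional leftmost wildcard. The function name match_dns_name and the test cases are constructed here.

```c
/* Added example, not GnuTLS code: strict SAN dNSName matching. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two DNS name fragments. */
static int str_ieq(const char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Return 1 if 'host' is covered by the SAN dNSName 'pattern', else 0.
 * Policy: a '*' is accepted only as the complete leftmost label, only
 * when at least two labels follow it (so "*.com" never matches), and it
 * covers exactly one label.  "www.*.com" is therefore rejected. */
int match_dns_name(const char *pattern, const char *host)
{
    const char *star = strchr(pattern, '*');
    if (star == NULL)                          /* no wildcard: exact match */
        return str_ieq(pattern, strlen(pattern), host, strlen(host));

    /* Wildcard must be the whole first label: "*." followed by more. */
    if (star != pattern || pattern[1] != '.' || strchr(star + 1, '*'))
        return 0;
    const char *rest = pattern + 2;            /* text after "*." */
    if (strchr(rest, '.') == NULL)             /* "*.com": public suffix */
        return 0;

    /* Host needs a non-empty first label; the remainder must match. */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;
    return str_ieq(rest, strlen(rest), dot + 1, strlen(dot + 1));
}

int main(void)
{
    /* Constructed cases mirroring the certificates in the post. */
    printf("%d\n", match_dns_name("www.*.com", "www.example.com"));    /* 0 */
    printf("%d\n", match_dns_name("*.com", "example.com"));            /* 0 */
    printf("%d\n", match_dns_name("*.example.com", "www.example.com")); /* 1 */
    return 0;
}
```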


