[gnutls-devel] More hostname matching goodness
James Cloos
cloos at jhcloos.com
Mon Mar 24 20:28:03 CET 2014
>>>>> "NM" == Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
NM> with the intention to completely drop wildcard support at some point.
Wildcard support should remain indefinitely.
It is superior to listing every match in the cert. Having to churn
certs just because new hosts are added is riskier than using wildcards.
NM> I'll also restrict the code of existing releases (3.2 and 3.1) to two
NM> domain components after the wildcard rule,
Do you mean at least two right of the wildcard or that the wildcard will
match at most two?
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
More information about the Gnutls-devel
mailing list