Branch: Tag:


2020-01-20 23:15:50 by Tobias S. Josefowitz <>

SSL: Only accept wildcards for one level

* in CN / SubjectAlternativeName:dNS is supposed to only match one level
of the hostname, i.e. * matches but not

170:    - Fix the only known deadlock-cause logged in the last year; only happened    (rarely) on multiple parallel queries on a single connection.    + o SSL +  +  When verifying the hostname against the certificate, only accept * +  (wildcard) for one level, i.e. * matches, +  but not Previously, all levels were matched. +    o SSL.File       Do not close automatically on write error.