2020-01-20

2020-01-20 23:15:50 by Tobias S. Josefowitz <tobij@tobij.de>

SSL: Only accept wildcards for one level

* in CN / SubjectAlternativeName:dNS is supposed to only match one level
of the hostname, i.e. *.example.com matches foo.example.com but not
www.foo.example.com.
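
The rule in the commit message above, as an added Python example (not Pike's SSL code; all function names are hypothetical). It models the "all levels were matched" behaviour next to the one-level rule, and assumes the wildcard is honoured only as the whole leftmost label, which the page does not specify.

```python
# Added illustration, not taken from Pike. Names below are hypothetical.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def matches_any_depth(pattern, hostname):
    """Model of the old behaviour: '*' swallows one or more labels."""
    p, h = _labels(pattern), _labels(hostname)
    if p[0] != "*":
        return p == h
    suffix = p[1:]
    return bool(suffix) and len(h) > len(suffix) and h[-len(suffix):] == suffix

def matches_one_level(pattern, hostname):
    """One-level rule: '*' stands for exactly one non-empty label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # different depth, or an empty label such as "a..b"
    if p[0] == "*":
        # Assumption: wildcard only as the entire leftmost label.
        return p[1:] == h[1:]
    return p == h

def changed_verdicts(pattern, hostnames):
    """Hostnames accepted by the old model but rejected by the one-level rule."""
    return [n for n in hostnames
            if matches_any_depth(pattern, n) and not matches_one_level(pattern, n)]

# Constructed sample hostnames, for illustration only.
SAMPLE = [
    "foo.example.com",
    "www.foo.example.com",
    "example.com",
    "FOO.Example.com",
    "foo.example.org",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(name,
              "old:", matches_any_depth("*.example.com", name),
              "new:", matches_one_level("*.example.com", name))
    print("no longer accepted:", changed_verdicts("*.example.com", SAMPLE))
```

Running `changed_verdicts` over the names a deployment actually connects to shows which connections depended on multi-level matching.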

170:    - Fix the only known deadlock-cause logged in the last year; only happened    (rarely) on multiple parallel queries on a single connection.    + o SSL +  +  When verifying the hostname against the certificate, only accept * +  (wildcard) for one level, i.e. *.example.com matches foo.example.com, +  but not www.foo.example.com. Previously, all levels were matched. +    o SSL.File       Do not close automatically on write error.
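
Review bot: The added "o SSL" changelog entry says only that the wildcard is limited to one level "when verifying the hostname against the certificate", without naming the fields affected, whereas the commit message names both CN and SubjectAlternativeName:dNS. Suggest naming both fields in the entry so readers know the rule applies to each. Since the entry itself notes that "Previously, all levels were matched", it would also help to mark this as a behaviour change that can cause certificates formerly accepted for names such as www.foo.example.com to fail verification, and to state whether the wildcard is honoured only as a whole label or also inside a partial label.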