[jboss-jira] [JBoss JIRA] (WFWIP-101) SNI wildcard mappings match multiple level of subdomain

Jan Stourac (Jira) issues at jboss.org
Wed Jan 30 06:46:20 EST 2019 

     [ https://issues.jboss.org/browse/WFWIP-101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Stourac updated WFWIP-101:
------------------------------
    Description: 
Based on the [text from analasys|https://github.com/wildfly/wildfly-proposals/blob/master/security/WFCORE-3873_SNI_Support.adoc#hard-requirements]
{quote}
Wildcard names use * as a wildcard, and can only be used to match a single level of subdomain in much the same way as with wildcard certificates.
{quote}

As such, in case I have configured SNI mapping for '



The client got peer certificate mapped by the mapping despite the wildcard matches more than one level of a subdomain.

  was:The client got peer certificate mapped by the mapping despite the wildcard matches more than one level of a subdomain.



> SNI wildcard mappings match multiple level of subdomain
> -------------------------------------------------------
>
>                 Key: WFWIP-101
>                 URL: https://issues.jboss.org/browse/WFWIP-101
>             Project: WildFly WIP
>          Issue Type: Bug
>         Environment: Wildfly build with undertow and wildfly-core modules build from following sources:
> * https://github.com/stuartwdouglas/undertow/tree/sni
> * https://github.com/stuartwdouglas/wildfly-core/tree/sni
>            Reporter: Pavel Jelinek
>            Assignee: Stuart Douglas
>            Priority: Major
>              Labels: SNI
>
> Based on the [text from analasys|https://github.com/wildfly/wildfly-proposals/blob/master/security/WFCORE-3873_SNI_Support.adoc#hard-requirements]
> {quote}
> Wildcard names use * as a wildcard, and can only be used to match a single level of subdomain in much the same way as with wildcard certificates.
> {quote}
> As such, in case I have configured SNI mapping for '
> The client got peer certificate mapped by the mapping despite the wildcard matches more than one level of a subdomain.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list