Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add webpki::nc::nc-permits-dns-san-pattern #385

Merged
merged 1 commit into from
Jan 7, 2025
Merged

add webpki::nc::nc-permits-dns-san-pattern #385

merged 1 commit into from
Jan 7, 2025

Conversation

woodruffw
Copy link
Collaborator

@woodruffw woodruffw commented Jan 7, 2025
edited
Loading

WIP. Will add an IP pattern as well.

@woodruffw
add webpki::nc::nc-permits-dns-san-pattern
c5671c6 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw self-assigned this Jan 7, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 7, 2025

:shipit: No regressions found.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 7, 2025

New testcases

There are new testcases in this change.

rustls-webpki

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS SUCCESS None

openssl-1.1

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS SUCCESS None

openssl-3.0.15

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS SUCCESS None

openssl-3.4.0

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS SUCCESS None

openssl-3.3.2

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS SUCCESS None

openssl-3.1.7

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS SUCCESS None

gnutls-certtool-3.8.3

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS FAILURE Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.

gocryptox509-go1.23.4

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS SUCCESS

openssl-3.2.3

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS SUCCESS None

rust-webpki

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS FAILURE UnknownIssuer

pyca-cryptography-44.0.0

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS FAILURE validation failed: candidates exhausted: unsatisfiable DNS name constraint: malformed SAN *.example.com

certvalidator-0.11.1

Testcase Expected Result Actual Result Context
webpki::nc::nc-permits-dns-san-pattern SUCCESS FAILURE The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints

@woodruffw woodruffw mentioned this pull request Jan 7, 2025
Closed
@woodruffw woodruffw merged commit eec7dc9 into main Jan 7, 2025
7 checks passed
@woodruffw woodruffw deleted the ww/nc-san-pattern branch January 7, 2025 23:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@woodruffw woodruffw

Labels
🙈 no-regressions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@woodruffw