[wp-hackers] Tiny pach for options-misc.php
Jordi Canals
jordi at jcanals.net
Fri Aug 7 00:31:15 UTC 2009
It's not a bug. That's just what standard says, the wilcard is only valid
for one level. A certificate for *.wordpress.org will match
trac.wordpress.org, but will not match core.track.wordpress.org. The bug is
in browsers matching the last one.
This is stated on the RFC 2818, look at page 4:
Matching is performed using the matching rules specified by
[RFC2459]. If more than one identity of a given type is present in
the certificate (e.g., more than one dNSName name, a match in any one
of the set is considered acceptable.) Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but
not bar.foo.a.com. f*.com matches foo.com but not bar.com.
--
Jordi Canals
http://alkivia.org
2009/8/7 Matt Freedman <speedboxer at gmail.com>
> Happens in Safari and Chrome as well, probably not a bug.
>
> On Thu, Aug 6, 2009 at 4:53 PM, Stephen Rider<wp-hackers at striderweb.com>
> wrote:
> >
> > On Aug 6, 2009, at 3:10 PM, Ozh wrote:
> >
> >> Firefox has recently been warning about untrusted connection when
> >> using the https <http://i28.tinypic.com/ibjngm.gif>, or is it just me?
> >
> > I can confirm. I had to add an exception. Perhaps a bug report to
> Firefox
> > is in order?
> >
> > Stephen
> >
> >
> > --
> > Stephen Rider
> > http://striderweb.com/
> >
> >
> >
> >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
>
>
> --
> Matt Freedman
> http://mattfreedman.ca/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list