]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
Allow for a leading . for wildcard like matches
authorBob Beck <beck@openssl.org>
Wed, 4 Feb 2026 00:51:37 +0000 (17:51 -0700)
committerNeil Horman <nhorman@openssl.org>
Tue, 24 Feb 2026 14:03:39 +0000 (09:03 -0500)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:17 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

crypto/x509/x509_vpm.c

index 919f6379769969c0b6d88f66d0d618d29c036b97..c3e4e25fc326e3605680b815efe29f3aa9cc02d5 100644 (file)
@@ -249,8 +249,11 @@ static int validate_hostname_part(const char *name, size_t len,
     for (i = 0; i < len; i++) {
         c = name[i];
         if (c == '.') {
-            /* Can not start a label with a . */
-            if (part_len == 0)
+            /*
+             * Can not start a label with a .
+             * unless it is the very first character.
+             */
+            if (part_len == 0 && i != 0)
                 return 0;
             /* Can not end a label with a - */
             if (prev == '-')