Add a test for using a leading . for verification of a domain name

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:20 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 1420c710348d2637a6eedac74a988664085350f8..f3e431d1406e71625aec872db5bc468e55681eb3 100644 (file)
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -364,6 +364,18 @@ static int test_multiname_selfsigned(void)
         X509_STORE_CTX_cleanup(ctx);
         if (!TEST_true(X509_VERIFY_PARAM_set1_host(vpm, NULL, 0)))
             goto err;
+        /* Try the domain with . */
+        if (!TEST_true(X509_STORE_CTX_init(ctx, store, cert, NULL)))
+            goto err;
+        if (!TEST_true(X509_VERIFY_PARAM_set1_host(vpm, ".muppetry.ca", 0)))
+            goto err;
+        if (!TEST_true(X509_verify_cert(ctx))) {
+            TEST_info("Verify failed for domain name .muppetry.ca\n");
+            fails++;
+        }
+        X509_STORE_CTX_cleanup(ctx);
+        if (!TEST_true(X509_VERIFY_PARAM_set1_host(vpm, NULL, 0)))
+            goto err;
     }
 
     for (size_t i = 0; multiname_emails[i] != NULL; i++) {