]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
Add a test for using a leading . for verification of a domain name
authorBob Beck <beck@openssl.org>
Wed, 4 Feb 2026 00:57:49 +0000 (17:57 -0700)
committerNeil Horman <nhorman@openssl.org>
Tue, 24 Feb 2026 14:03:39 +0000 (09:03 -0500)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:04:20 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

test/verify_extra_test.c

index 1420c710348d2637a6eedac74a988664085350f8..f3e431d1406e71625aec872db5bc468e55681eb3 100644 (file)
@@ -364,6 +364,18 @@ static int test_multiname_selfsigned(void)
         X509_STORE_CTX_cleanup(ctx);
         if (!TEST_true(X509_VERIFY_PARAM_set1_host(vpm, NULL, 0)))
             goto err;
+        /* Try the domain with . */
+        if (!TEST_true(X509_STORE_CTX_init(ctx, store, cert, NULL)))
+            goto err;
+        if (!TEST_true(X509_VERIFY_PARAM_set1_host(vpm, ".muppetry.ca", 0)))
+            goto err;
+        if (!TEST_true(X509_verify_cert(ctx))) {
+            TEST_info("Verify failed for domain name .muppetry.ca\n");
+            fails++;
+        }
+        X509_STORE_CTX_cleanup(ctx);
+        if (!TEST_true(X509_VERIFY_PARAM_set1_host(vpm, NULL, 0)))
+            goto err;
     }
 
     for (size_t i = 0; multiname_emails[i] != NULL; i++) {