Nmap Development mailing list archives
Re: Ncat Wildcard Matching rules
From: David Fifield <david () bamsoftware com>
Date: Thu, 18 Jun 2009 09:13:53 -0600
On Thu, Jun 18, 2009 at 04:09:52PM +0100, Rob Nicholls wrote:
On Thu, 18 Jun 2009 08:55:11 -0600, David Fifield <david () bamsoftware com> wrote:On Thu, Jun 18, 2009 at 09:08:37AM +0100, Rob Nicholls wrote:On Wed, 17 Jun 2009 12:03:03 -0600, David Fifield<david () bamsoftware com>wrote:How common are these wildcard certificates in practice? Does anybody run an SSL site with one of them?I don't use a wildcard certificate on my own website, but I've tested a number of clients in the last few years that have used them on theirs.Sothey're not uncommon.Are they the kind that would be handled by a single leftmost wildcard, nothing fancier?Yes, I don't think I've ever seen anything other than a single leftmost wildcard. I've also seen wildcard certificates that have a Subject Alternative Name of the domain itself (as a certificate for *.domain.tld isn't valid for any sites hosted at https://domain.tld), but that's about as exotic as I can remember. I presume whatever code handles SANs would also cope with a wildcard with SANs.
Yeah, Ncat already looks at the alternative names, and I suppose we would use the same matching for those and the common name, unless there's a reason not to. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Ncat Wildcard Matching rules venkat sanaka (Jun 13)
- Re: Ncat Wildcard Matching rules David Fifield (Jun 17)
- [SPAM] Re: Ncat Wildcard Matching rules Rob Nicholls (Jun 18)
- Re: Ncat Wildcard Matching rules David Fifield (Jun 18)
- [SPAM] Re: Ncat Wildcard Matching rules Rob Nicholls (Jun 18)
- Re: Ncat Wildcard Matching rules David Fifield (Jun 18)
- [SPAM] Re: Ncat Wildcard Matching rules Rob Nicholls (Jun 18)
- Re: Ncat Wildcard Matching rules David Fifield (Jun 17)