[Sysadmins] Wildcard certs *.*.domain.tld ?

Nick Hilliard nick at netability.ie
Tue Aug 18 23:47:06 IST 2009


On 18/08/2009 22:49, FRLinux wrote:
> Catching up on my emails while having returned from holidays. I am
> curious as to why the *\0. Certs are something I have experience with
> but haven't seen what you mention here. What does it do?

It's described here:

http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf

But you can imagine what would happen if you used strcpy() to copy a CN of 
"*\0any.domain.com" into a temporary buffer and then used the resulting 
string to do your wildcard comparison.

Ouch.

Nick
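
[Added example, not part of the original post.] The strcpy() truncation described above, next to a check that rejects a CN containing a NUL inside its declared length. The function names, the simplified wildcard rule and the host name www.example.org are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the CN from the post as the counted bytes a
   certificate string carries (16 bytes, NUL at offset 1). */
static const char CN[] = "*\0any.domain.com";
#define CN_LEN (sizeof(CN) - 1)

/* Simplified wildcard rule (assumption for this demo): "*" matches any
   host, "*.suffix" matches hosts ending in ".suffix", else exact match. */
static int wildcard_match(const char *pat, const char *host) {
    if (strcmp(pat, "*") == 0) return 1;
    if (pat[0] == '*' && pat[1] == '.') {
        size_t pl = strlen(pat + 1), hl = strlen(host);
        return hl > pl && strcmp(host + hl - pl, pat + 1) == 0;
    }
    return strcmp(pat, host) == 0;
}

/* Flawed: ignores the declared length. strcpy() stops at the first NUL,
   so the comparison only ever sees "*". */
int match_cn_strcpy(const char *cn, size_t cn_len, const char *host) {
    char tmp[256];
    (void)cn_len;
    strcpy(tmp, cn);
    return wildcard_match(tmp, host);
}

/* Hardened: a CN with a NUL anywhere inside its declared length is
   rejected before any C string function touches it. */
int match_cn_checked(const char *cn, size_t cn_len, const char *host) {
    char tmp[256];
    if (cn_len == 0 || cn_len >= sizeof(tmp)) return 0;
    if (memchr(cn, '\0', cn_len) != NULL) return 0;
    memcpy(tmp, cn, cn_len);
    tmp[cn_len] = '\0';
    return wildcard_match(tmp, host);
}

int main(void) {
    const char *host = "www.example.org";   /* constructed host name */
    printf("declared length %zu, strlen %zu\n", CN_LEN, strlen(CN));
    printf("strcpy matcher:  %d\n", match_cn_strcpy(CN, CN_LEN, host));
    printf("checked matcher: %d\n", match_cn_checked(CN, CN_LEN, host));
    return 0;
}
```

A mismatch between the declared length and strlen() is also a useful thing to log when it is seen in a presented certificate.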


