This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Certificates typically come up with: 1. a list of host names that the certificate applies to 2. the possibility to define hostnames such as *.example.com The current implementation only checks the first name of the certificate and does not handle wild chars
I based the code on the not-yet-commons-ssl package from Julius Davies: http://juliusdavies.ca/commons-ssl/index.html There does not seem to be "one" way to verify the hostname, different browsers may use slightly different rules. I used the method that seems to be the most vastly used: - the hostname must match the first CN in the certificate or any of the subject-alts fields. - a wildcard can occur in any of these names - a wildcard matches all subdomains (*.example.com matches a.b.example.com)