Require that X.509 wildcards start with "*.",

rather than just "*", to make abuse harder.
author: Matthias Andree <matthias.andree@gmx.de> 2010-08-27 20:59:54 +0200
committer: Matthias Andree <matthias.andree@gmx.de> 2010-08-27 21:10:43 +0200
commit: 0fc373e3e6c2a4016bdf2467eba2d59c920158e1 (patch)
tree: 5f3b5dcc0135dc12466328ce44a9cfe9df916f5a /NEWS
parent: 121bfdf03f639a0979d340f60880038fafc739b0 (diff)
download: fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.tar.gz
fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.tar.bz2
fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 81b2ee3c..9f429a22 100644
--- a/NEWS
+++ b/NEWS
@@ -78,6 +78,9 @@ fetchmail-6.3.18 (not yet released):
   credentials. This avoids getting servers such as Exchange 2007 wedged if
   GSSAPI authentication fails.  Reported by Patrick Rynhart, Debian Bug #568455,
   and Alan Murrell, to the fetchmail-users list.
+* Fetchmail now only accepts wildcard certificate common names and subject
+  alternative names if they start with "*.". Previous versions would accept
+  wildcards even if no period followed immediately.
 
 # CHANGES
 * When encountering incorrect headers, fetchmail will refer to the bad-header
author	Matthias Andree <matthias.andree@gmx.de>	2010-08-27 20:59:54 +0200
committer	Matthias Andree <matthias.andree@gmx.de>	2010-08-27 21:10:43 +0200
commit	0fc373e3e6c2a4016bdf2467eba2d59c920158e1 (patch)
tree	5f3b5dcc0135dc12466328ce44a9cfe9df916f5a /NEWS
parent	121bfdf03f639a0979d340f60880038fafc739b0 (diff)
download	fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.tar.gz fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.tar.bz2 fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.zip