From 0fc373e3e6c2a4016bdf2467eba2d59c920158e1 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Fri, 27 Aug 2010 20:59:54 +0200
Subject: Require that X.509 wildcards start with "*.",

rather than just "*", to make abuse harder.
---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 81b2ee3c..9f429a22 100644
--- a/NEWS
+++ b/NEWS
@@ -78,6 +78,9 @@ fetchmail-6.3.18 (not yet released):
   credentials. This avoids getting servers such as Exchange 2007 wedged if
   GSSAPI authentication fails.  Reported by Patrick Rynhart, Debian Bug #568455,
   and Alan Murrell, to the fetchmail-users list.
+* Fetchmail now only accepts wildcard certificate common names and subject
+  alternative names if they start with "*.". Previous versions would accept
+  wildcards even if no period followed immediately.
 
 # CHANGES
 * When encountering incorrect headers, fetchmail will refer to the bad-header
-- 
cgit v1.2.3