make cn field a valid single hostname, and use wildcard in SANs field. #2892

Merged
merged 1 commit into from May 5, 2024

Contributor

@afdy afdy commented May 2, 2024

fix: name and wildcard in the cn field doesn't validate for many TLS clients.

This resolves an issue with TLS validation from local clients by changing the cn name format so that clients like wget and Python requests accept it, while hopefully maintaining the same behaviour.

old:

        Subject: O=Dummy Certificate, CN=*.localhost/CN=localhost
            X509v3 Subject Alternative Name:
                DNS:*.localhost/CN=localhost

new:

        Subject: O=Dummy Certificate, CN=localhost
            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:*.localhost

fixes #2891
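
An added illustration, not part of the pull request or of Werkzeug's code: a simplified RFC 6125-style matcher run over the old and new SAN entries quoted above, showing why the old certificate covered neither `localhost` nor `app.localhost`. It assumes the client checks only SAN dNSName entries when the extension is present (as RFC 6125 specifies); the function names and the sample hostnames are constructed for this example.

```python
# Added illustration, not Werkzeug code. Simplified RFC 6125-style matching of
# a hostname against the dNSName entries of a certificate's SAN extension.

# SAN dNSName lists copied from the PR description's "old" and "new" output.
OLD_SAN = ["*.localhost/CN=localhost"]
NEW_SAN = ["localhost", "*.localhost"]


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    pattern_labels = pattern.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(pattern_labels) != len(host_labels):
        return False
    first, rest = pattern_labels[0], pattern_labels[1:]
    if first == "*":
        # Wildcard only in the left-most label; the rest must match exactly.
        return bool(host_labels[0]) and rest == host_labels[1:]
    # No wildcard (or an unsupported partial one): require exact equality.
    return pattern_labels == host_labels


def san_accepts(san_dns_names: list[str], hostname: str) -> bool:
    """True if any dNSName in the SAN list matches the hostname."""
    return any(dns_name_matches(p, hostname) for p in san_dns_names)


def compare(hostnames: list[str]) -> dict[str, tuple[bool, bool]]:
    """Map each hostname to (accepted by old SAN, accepted by new SAN)."""
    return {h: (san_accepts(OLD_SAN, h), san_accepts(NEW_SAN, h)) for h in hostnames}


if __name__ == "__main__":
    # Constructed sample hostnames for a local development server.
    sample = ["localhost", "app.localhost", "a.b.localhost"]
    for host, (old, new) in compare(sample).items():
        print(f"{host:15} old={old!s:5} new={new}")
```

The two-level name `a.b.localhost` is rejected by both layouts, because a wildcard stands for a single label.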

Review thread on src/werkzeug/serving.py (outdated, resolved)
@afdy afdy changed the title fix: make cn field a valid single hostname, and use wildcard to SANs field. fix: make cn field a valid single hostname, and use wildcard in SANs field. May 2, 2024
@davidism davidism changed the title fix: make cn field a valid single hostname, and use wildcard in SANs field. make cn field a valid single hostname, and use wildcard in SANs field. May 2, 2024
@pallets pallets deleted a comment from jamesleesaunders May 3, 2024
@davidism davidism added this to the 3.0.3 milestone May 4, 2024
@davidism davidism added the server label May 4, 2024
single host in cn field
san extension for wildcard name
@davidism davidism changed the base branch from main to 3.0.x May 5, 2024 14:49
@davidism davidism closed this May 5, 2024
@davidism davidism reopened this May 5, 2024
@davidism davidism merged commit 249527f into pallets:3.0.x May 5, 2024
11 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 20, 2024
Successfully merging this pull request may close these issues.

TLS validation in local dev does not work
3 participants