search

chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0
2.81k stars 190 forks source link

FR: wildcard without domain #411

Open mimi89999 opened 4 years ago

mimi89999 commented 4 years ago

Could you please add some wildcard tests?

  1. A certificate valid only for *.example.com, but not example.com presented on example.com
  2. A certificate valid only for *.example.com presented on a.b.example.com

There seems to be some misconception about how wildcard certificates should work. I think that such tests would help a lot.