Closed pg83 closed 2 months ago
Hi! I don't think it is possible to use wildcards in IP certificates. That means that DNS:* won't match IP addresses, only domain names IIRC.
This is why I'm using a specific domain name right now: it is a way to provide a wildcard cert for IP addresses. If no cert matches the exact IP address but a certificate containing the selfsigned.ssh3 server name is found in the known hosts, use that one, and that works with any IP address.
But if somehow it is possible to use wildcards in IP SANs of x509, I would love to change all that to what you're proposing.
https://github.com/francoismichel/ssh3/blob/main/cmd/ssh3.go#L117
Maybe use the IP as a surrogate server name substitute there, so one can use
DNS:*,DNS:10.0.0.*,DNS:192.168.*
(and so on) self-signed certificates?
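The matching behaviour discussed in this thread can be checked against Go's standard crypto/x509 package. The following is an added example, not code from ssh3 or from either commenter; the helpers selfSigned and matchedName and the sample addresses are constructed for illustration, and ssh3's own known-hosts lookup is not reproduced.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

const surrogateName = "selfsigned.ssh3" // fixed server name quoted in the thread

// selfSigned builds a throwaway self-signed certificate carrying the given SANs.
func selfSigned(dns []string, ips []net.IP) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour),
		DNSNames: dns, IPAddresses: ips}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// matchedName (hypothetical helper) returns the name under which cert is accepted for a
// server dialed at addr: the address itself, else the surrogate name, else "".
func matchedName(cert *x509.Certificate, addr string) string {
	for _, name := range []string{addr, surrogateName} {
		if cert.VerifyHostname(name) == nil {
			return name
		}
	}
	return ""
}

func main() {
	wild := selfSigned([]string{"*", "10.0.0.*", "192.168.*"}, nil)
	named := selfSigned([]string{surrogateName}, nil)
	fmt.Printf("wildcards: %q, surrogate: %q\n", matchedName(wild, "10.0.0.7"), matchedName(named, "10.0.0.7"))
}
```

VerifyHostname compares an IP-literal host only against the certificate's IP SANs, so the DNS wildcard entries are never consulted for 10.0.0.7, while the surrogate-name certificate is accepted for any address.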