make cn field a valid single hostname, and use wildcard in SANs field. #2892

Merged
davidism merged 1 commit into pallets:3.0.x from afdy:fix-tls
May 5, 2024

Conversation

Contributor

@afdy afdy commented May 2, 2024

fix: name and wildcard in the cn field doesn't validate for many TLS clients.

This resolves an issue with TLS validation from local clients by changing the cn name format so that clients like wget and Python requests accept it, while hopefully maintaining the same behaviour.

old:

        Subject: O=Dummy Certificate, CN=*.localhost/CN=localhost
            X509v3 Subject Alternative Name:
                DNS:*.localhost/CN=localhost

new:

        Subject: O=Dummy Certificate, CN=localhost
            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:*.localhost

fixes #2891
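
The effect of the name change described above can be seen with a simplified RFC 6125-style hostname check run over the old and new names. This is an added example, not part of the pull request or of Werkzeug; the matcher and the names `OLD_CERT`, `NEW_CERT`, `dns_id_matches` and `cert_matches` are hypothetical, and real TLS clients use their own implementations.

```python
# Added illustration: simplified RFC 6125-style name matching.
# Not the code of Werkzeug or of any real TLS client.
import re

# Constructed from the "old" and "new" certificate dumps in the PR description.
OLD_CERT = {"cn": "*.localhost/CN=localhost", "san_dns": ["*.localhost/CN=localhost"]}
NEW_CERT = {"cn": "localhost", "san_dns": ["localhost", "*.localhost"]}

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def _valid_pattern(pattern):
    """A dNSName must be a hostname; only the whole left-most label may be '*'."""
    labels = pattern.lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]
        if not labels:
            return False
    return all(_LABEL.match(label) for label in labels)


def dns_id_matches(pattern, hostname):
    """Match one certificate name against the hostname the client asked for."""
    if not _valid_pattern(pattern):
        return False  # e.g. "*.localhost/CN=localhost" is not a hostname
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_matches(cert, hostname):
    """SAN dNSName entries take precedence; CN is only a fallback without them."""
    sans = cert["san_dns"]
    if sans:
        return any(dns_id_matches(name, hostname) for name in sans)
    return dns_id_matches(cert["cn"], hostname)


if __name__ == "__main__":
    for host in ("localhost", "app.localhost", "a.b.localhost"):
        print(host, cert_matches(OLD_CERT, host), cert_matches(NEW_CERT, host))
```
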

Comment thread src/werkzeug/serving.py Outdated
@afdy afdy changed the title fix: make cn field a valid single hostname, and use wildcard to SANs field. fix: make cn field a valid single hostname, and use wildcard in SANs field. May 2, 2024
@davidism davidism changed the title fix: make cn field a valid single hostname, and use wildcard in SANs field. make cn field a valid single hostname, and use wildcard in SANs field. May 2, 2024
Comment thread src/werkzeug/serving.py
@pallets pallets deleted a comment from jamesleesaunders May 3, 2024
@davidism davidism added this to the 3.0.3 milestone May 4, 2024
@davidism davidism added the server label May 4, 2024
single host in cn field
san extension for wildcard name
@davidism davidism changed the base branch from main to 3.0.x May 5, 2024 14:49
@davidism davidism closed this May 5, 2024
@davidism davidism reopened this May 5, 2024
@davidism davidism merged commit 249527f into pallets:3.0.x May 5, 2024
@github-actions github-actions Bot locked as resolved and limited conversation to collaborators May 20, 2024
Successfully merging this pull request may close these issues.

TLS validation in local dev does not work