mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00

Document subdomain matching of cert expr wildcards.

In the manual, in comments, and in a new test.
Jacob Nevins 2022-10-22 01:16:00 +01:00
parent 500568d204
commit 75ac444324
2 changed files with 12 additions and 5 deletions


@ -2724,10 +2724,14 @@ hosts}
The simplest thing you can enter in the \q{Valid hosts this key is The simplest thing you can enter in the \q{Valid hosts this key is
trusted to certify} edit box is just a hostname wildcard such as trusted to certify} edit box is just a hostname wildcard such as
\cq{*.example.com}. But you can also enter multiple host name \cq{*.example.com}. This matches any host in any subdomain, so
wildcards, and port number ranges, and make complicated Boolean both \cq{ssh.example.com} and \cq{login.dept.example.com} would
expressions out of them using the operators \cq{&&} for \q{and}, match, but \cq{prod.example.net} would not.
\cq{||} for \q{or}, \cq{!} for \q{not}, and parentheses.
But you can also enter multiple host name wildcards, and port number
ranges, and make complicated Boolean expressions out of them using the
operators \cq{&&} for \q{and}, \cq{||} for \q{or}, \cq{!} for \q{not},
and parentheses.
For example, here are some other things you could enter. For example, here are some other things you could enter.
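
Review bot: The new sentence "This matches any host in any subdomain" does not tell the reader that this is broader than the wildcard rule they may know from TLS certificates, where "*" covers a single label only. Since this edit box decides which hosts a CA key is trusted to certify, consider adding a sentence saying that \cq{*.example.com} also trusts the key for every deeper subdomain such as \cq{login.dept.example.com}, and stating whether the bare \cq{example.com} is matched.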


@ -41,7 +41,9 @@ Syntax layer: all of those types of atom are interpreted as predicates
applied to the (hostname, port) data configured for the SSH connection applied to the (hostname, port) data configured for the SSH connection
for which the certificate is being validated. for which the certificate is being validated.
Wildcards are handled using the syntax in wildcard.c. Wildcards are handled using the syntax in wildcard.c. The dot-
separated structure of hostnames is thus not special; the '*' in
"*.example.com" will match any number of subdomains under example.com.
More complex boolean expressions can be made by combining those More complex boolean expressions can be made by combining those
predicates using the boolean operators and parentheses, in the obvious predicates using the boolean operators and parentheses, in the obvious
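
Review bot: In the added comment, "will match any number of subdomains under example.com" leaves open whether "any number" includes zero, that is, whether the bare host "example.com" satisfies "*.example.com". Because the comment's point is that dots are not special to the matcher, it would help to spell out that boundary case here, and to say in the same place that a literal "." in the pattern must still appear in the hostname.
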
@ -778,6 +780,7 @@ static const struct EvalTest {
T("*.example.com", "hostname.example.com", 22, true), T("*.example.com", "hostname.example.com", 22, true),
T("*.example.com", "hostname.example.org", 22, false), T("*.example.com", "hostname.example.org", 22, false),
T("*.example.com", "hostname.dept.example.com", 22, true),
T("*.example.com && port:22", "hostname.example.com", 21, false), T("*.example.com && port:22", "hostname.example.com", 21, false),
T("*.example.com && port:22", "hostname.example.com", 22, true), T("*.example.com && port:22", "hostname.example.com", 22, true),
T("*.example.com && port:22", "hostname.example.com", 23, false), T("*.example.com && port:22", "hostname.example.com", 23, false),
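
Review bot: The added case T("*.example.com", "hostname.dept.example.com", 22, true) pins only the positive multi-label match; nothing in this table pins the boundaries of the behaviour the commit documents. Consider adding cases for the bare host "example.com" and for a host in which "example.com" is not the final suffix (for instance "example.com.example.org"), so that a later change to the wildcard matcher cannot silently widen or narrow which hosts a trusted CA key covers.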