san_ipv6_peer_matching.phpt - OpenGrok history log for /PHP-8.3/ext/openssl/tests/san_ipv6_peer

Revision		Date	Author	Comments
# fd09728b		28-Apr-2023	James Lucas	Fix bug GH-9356: Incomplete SAN validation of IPv6 address IPv6 addresses are valid entries in subjectAltNames. Certificate Authorities may issue certificates including IPv6 addresses ex Fix bug GH-9356: Incomplete SAN validation of IPv6 address IPv6 addresses are valid entries in subjectAltNames. Certificate Authorities may issue certificates including IPv6 addresses except if they fall within addresses in the RFC 4193 range. Google and CloudFlare provide IPv6 addresses in their DNS over HTTPS services. Internal CAs do not have those restrictions and can issue Unique local addresses in certificates. Closes GH-11145 show more ...

Revision

Date

Author

Comments

# fd09728b

28-Apr-2023

James Lucas

Fix bug GH-9356: Incomplete SAN validation of IPv6 address

IPv6 addresses are valid entries in subjectAltNames. Certificate
Authorities may issue certificates including IPv6 addresses ex

Fix bug GH-9356: Incomplete SAN validation of IPv6 address

IPv6 addresses are valid entries in subjectAltNames. Certificate
Authorities may issue certificates including IPv6 addresses except
if they fall within addresses in the RFC 4193 range. Google and
CloudFlare provide IPv6 addresses in their DNS over HTTPS services.

Internal CAs do not have those restrictions and can issue Unique
local addresses in certificates.

Closes GH-11145