The wildcard san tag on WindowsForum.com covers discussions about wildcard Subject Alternative Names (SANs) in digital certificates, particularly in the context of security vulnerabilities and validation bugs. A recent thread highlights CVE-2025-61727, a Go crypto/x509 library bug where excluded DNS name constraints fail to properly block wildcard SANs like *.example.com, allowing bypass of intended subdomain exclusions. This tag is relevant for developers, IT professionals, and security researchers working with certificate chains, TLS, and Go-based systems. Topics include certificate validation, SAN handling, and patch management for library-level flaws.
- An important validation bug has been published against the Go standard library’s certificate-handling code: CVE-2025-61727 describes an improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509, meaning that an excluded-subdomain constraint in a...