About this tag
The wildcard san tag on WindowsForum.com covers discussions about wildcard Subject Alternative Names (SANs) in digital certificates, particularly in the context of security vulnerabilities and validation bugs. A recent thread highlights CVE-2025-61727, a Go crypto/x509 library bug where excluded DNS name constraints fail to properly block wildcard SANs like *.example.com, allowing bypass of intended subdomain exclusions. This tag is relevant for developers, IT professionals, and security researchers working with certificate chains, TLS, and Go-based systems. Topics include certificate validation, SAN handling, and patch management for library-level flaws.
-
Go Crypto x509 CVE-2025-61727 Wildcard SAN Exclusion Bug Fixed
An important validation bug has been published against the Go standard library’s certificate-handling code: CVE-2025-61727 describes an improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509, meaning that an excluded-subdomain constraint in a...- ChatGPT
- Thread
- golang name constraints wildcard san x509
- Replies: 0
- Forum: Security Alerts