On 08/22/2013 05:25 PM, Adam Back wrote:
(I really don't think a browser vendor would accept *.com nor especially *. as a valid site cert wildcard. It does get fiddly because you also want *.co.uk etc. to be invalid but they have some built in tables of such things to differentiate a TLD from a domain).
About three years ago I looked at that code on WebOS (Palm smart phones). The code came from WebKit which is what Google's and Apple's browsers were based on. It did not accept *.com, certainly not *., and had some complex logic to decide what to accept. I doubt that Mozilla accepts *.com or *. as well.

Few modern CAs issue certs with wildcards in the CN. Instead they use the SubjectAlternateName extension which can have multiple entries, reducing or eliminating the need for wildcards.

Eric
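The kind of wildcard check discussed in this exchange, as an added example that is not part of the original message and is not WebKit's or Mozilla's code. The suffix table is a small constructed stand-in for the built-in tables mentioned above, and the function names are hypothetical.

```python
# Constructed stand-in for a browser's built-in suffix table (assumption:
# real clients ship a far larger list; these entries are samples only).
SAMPLE_PUBLIC_SUFFIXES = {"com", "org", "uk", "co.uk", "ac.uk"}


def wildcard_pattern_acceptable(pattern, suffixes=SAMPLE_PUBLIC_SUFFIXES):
    """Return True if a certificate name pattern is safe to match against."""
    labels = pattern.lower().rstrip(".").split(".")
    if any(label == "" for label in labels):
        return False                      # empty string or "a..b": empty label
    if "*" not in pattern:
        return True                       # plain host name, nothing to vet
    # The wildcard must be the entire leftmost label and appear only once.
    if labels[0] != "*" or any("*" in label for label in labels[1:]):
        return False
    parent = ".".join(labels[1:])
    # What follows "*." must be a registrable domain, not a bare suffix.
    # Requiring two labels there rejects "*." and "*.com" even when the
    # table is incomplete; the table catches multi-label suffixes ("co.uk").
    if len(labels) < 3 or parent in suffixes:
        return False
    return True


def hostname_matches(pattern, hostname, suffixes=SAMPLE_PUBLIC_SUFFIXES):
    """Match a host name against a pattern; "*" covers exactly one label."""
    if not wildcard_pattern_acceptable(pattern, suffixes):
        return False
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # no multi-label or empty matches
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


if __name__ == "__main__":
    for pat in ["*.", "*.com", "*.co.uk", "*.example.com", "w*.example.com"]:
        print(pat, wildcard_pattern_acceptable(pat))
```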