I received some feedback from a Sun Java developer, saying that JSSE's
interpretation of wildcards allows "*" to appear any number of times in
each component of a DNS name in a cert. It simply does not match a dot.
So, for example, given an attempt to connect to https://java.sun.com
JSSE would match java.sun.com with
j*.sun.com
*va.sun.com
j*va.sun.com
j*v*.sun.com
java.*.com
java.*.*
*.*.*
but would not match
java.*
*sun.com
The writer believes that behavior is what is required by RFC 2818.
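
The matching rule described in the message above, written out as an added example (not JSSE's code and not from the original post). The function names are hypothetical, and it assumes a "*" may match an empty run of characters, which the message does not state. The last helper flags patterns whose wildcard sits outside the leftmost label, a stricter policy a certificate reviewer might apply.

```python
import re

def label_matches(pattern_label: str, host_label: str) -> bool:
    """Match one DNS label; every '*' stands for a run of non-dot characters."""
    # Literal pieces are escaped, so only '*' acts as a wildcard.
    # Assumption: the run may be empty (the message does not say).
    regex = "[^.]*".join(re.escape(part) for part in pattern_label.split("*"))
    return re.fullmatch(regex, host_label, re.IGNORECASE) is not None

def wildcard_match(pattern: str, hostname: str) -> bool:
    """Apply the rule label by label, as the message describes it."""
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # '*' never matches a dot, so both names need the same number of labels.
    if len(p_labels) != len(h_labels):
        return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))

def wildcard_outside_leftmost(pattern: str) -> bool:
    """True when a '*' appears in any label other than the first."""
    return any("*" in label for label in pattern.split(".")[1:])

# Hostname and patterns taken from the message.
HOST = "java.sun.com"
PATTERNS = [
    "j*.sun.com", "*va.sun.com", "j*va.sun.com", "j*v*.sun.com",
    "java.*.com", "java.*.*", "*.*.*",
    "java.*", "*sun.com",
]

def evaluate(host: str = HOST, patterns=PATTERNS) -> dict:
    """Map each pattern to (matches host, wildcard outside leftmost label)."""
    return {p: (wildcard_match(p, host), wildcard_outside_leftmost(p))
            for p in patterns}

if __name__ == "__main__":
    for pattern, (matched, broad) in evaluate().items():
        note = "  <- wildcard outside leftmost label" if broad else ""
        print(f"{pattern:14} {'match' if matched else 'no match':9}{note}")
```
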