Web User Interface
Phone User Interface
governs to which degree the use of wild cards is permitted when doing host name validation as a part of validating a server certificate. This is done by setting one or more flags. For a description of what the flags mean, see the OpenSSL documentation. The value of the flags is as follows:
0 (no flags set) --> Wildcards are supported and they match only in the left-most label; but they may match part of that label with an explicit prefix or suffix. For example the host name "www.example.com" would match a certificate with a SAN or CN value of ".example.com", "w.example.com" or "*w.example.com".
X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT = 1 --> Always check subject name for host match even if subject alt names present
X509_CHECK_FLAG_NO_WILDCARDS = 2 --> Disable wildcard matching for dnsName fields and common name.
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS = 4 --> Wildcards must not match a partial label.
X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS = 8 --> Allow (non-partial) wildcards to match multiple labels.
X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS = 16 --> Constrain verifier subdomain patterns to match a single label.
To set multiple flags add up their values.
This setting is only effective if setting Settings/check_fqdn_against_server_cert is enabled.
0, 1, 2, 4, 8, 16 or the sum of one or more of these values
2 (in FW < 18.104.22.168 )