Content
D-SERIES
Web User Interface
N/A
Phone User Interface
N/A
Firmware
>=8.7.5.x
XML Configuration
<host_name_validation_flags perm="PERMISSIONFLAGS">VALIDVALUE</host_name_validation_flags>
Description
Governs the degree to which wildcards are permitted during host name validation, which is part of validating a server certificate. The behavior is controlled by setting one or more flags. For a description of what the flags mean, see the OpenSSL documentation. The flag values are as follows:
- 0 (no flags set) --> Wildcards are supported and they match only in the left-most label, but they may match part of that label with an explicit prefix or suffix. For example, the host name "www.example.com" would match a certificate with a SAN or CN value of "*.example.com", "w*.example.com" or "*w.example.com".
- X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT = 1 --> Always check subject name for host match even if subject alt names are present.
- X509_CHECK_FLAG_NO_WILDCARDS = 2 --> Disable wildcard matching for dnsName fields and common name.
- X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS = 4 --> Wildcards must not match a partial label.
- X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS = 8 --> Allow (non-partial) wildcards to match multiple labels.
- X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS = 16 --> Constrain verifier subdomain patterns to match a single label.
To set multiple flags, add up their values.
This setting is only effective if the setting check_fqdn_against_server_cert is enabled.
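The following Python sketch is an added example, not Snom or OpenSSL code. It is a simplified model of how the summed value changes wildcard matching for flags 2, 4 and 8; flags 1 and 16 are decoded but not modelled. The names `decode` and `matches` are assumptions made for illustration.

```python
import string

# Flag values as listed on this page (OpenSSL X509_CHECK_FLAG_* constants).
FLAGS = {
    1: "ALWAYS_CHECK_SUBJECT",
    2: "NO_WILDCARDS",
    4: "NO_PARTIAL_WILDCARDS",
    8: "MULTI_LABEL_WILDCARDS",
    16: "SINGLE_LABEL_SUBDOMAINS",
}
LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")

def decode(value):
    """Split a summed setting value into its flag names; reject invalid sums."""
    if not 0 <= value <= sum(FLAGS):
        raise ValueError(f"invalid host_name_validation_flags value: {value}")
    return [name for bit, name in FLAGS.items() if value & bit]

def matches(pattern, host, value=0):
    """Model: does the certificate name `pattern` match `host` under `value`?"""
    pattern, host = pattern.lower(), host.lower()
    if "*" not in pattern or value & 2:      # NO_WILDCARDS: literal compare only
        return pattern == host
    first, _, rest = pattern.partition(".")
    # Exactly one '*', in the left-most label, with at least two labels after it.
    if pattern.count("*") != 1 or "*" not in first or "." not in rest:
        return False
    prefix, suffix = first.split("*")
    partial = bool(prefix or suffix)         # e.g. "w*" or "*w"
    if partial and value & 4:                # NO_PARTIAL_WILDCARDS
        return False
    tail = suffix + "." + rest
    if len(host) < len(prefix) + len(tail):
        return False
    if not (host.startswith(prefix) and host.endswith(tail)):
        return False
    star = host[len(prefix):len(host) - len(tail)]  # text the '*' stands for
    if not partial and not star:             # a full-label '*' needs >= 1 char
        return False
    multi = not partial and bool(value & 8)  # MULTI_LABEL_WILDCARDS
    return all(c in LABEL_CHARS or (multi and c == ".") for c in star)
```

With the default value 0, `matches("w*.example.com", "www.example.com")` is true; with 4 it is false, and with 2 no wildcard name matches at all.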
Valid Values
0, 1, 2, 4, 8, 16 or the sum of one or more of these values
Default Value
0
2 (in FW < 8.7.5.71)