@@ -62,6 +62,11 @@ const tests = [
6262 cert : { subject : { CN : '.a.com' } } ,
6363 error : 'Host: a.com. is not cert\'s CN: .a.com'
6464 } ,
65+ {
66+ host : 'bad.x.example.com' ,
67+ cert : { subject : { CN : 'bad..example.com' } } ,
68+ error : 'Host: bad.x.example.com. is not cert\'s CN: bad..example.com'
69+ } ,
6570
6671 // IP address in CN. Technically allowed but so rare that we reject
6772 // it anyway. If we ever do start allowing them, we should take care
@@ -129,6 +134,16 @@ const tests = [
129134 cert : { subject : { CN : 'b*b.a.com' } } ,
130135 error : 'Host: b.a.com. is not cert\'s CN: b*b.a.com'
131136 } ,
137+ {
138+ host : 'bxa.a.com' ,
139+ cert : { subject : { CN : 'b**.a.com' } } ,
140+ error : 'Host: bxa.a.com. is not cert\'s CN: b**.a.com'
141+ } ,
142+ {
143+ host : 'xbcd.a.com' ,
144+ cert : { subject : { CN : 'ab*cd.a.com' } } ,
145+ error : 'Host: xbcd.a.com. is not cert\'s CN: ab*cd.a.com'
146+ } ,
132147
133148 // Empty Cert
134149 {
@@ -158,6 +173,11 @@ const tests = [
158173 subject : { CN : [ 'foo.com' , 'bar.com' ] } // CN=foo.com; CN=bar.com;
159174 }
160175 } ,
176+ {
177+ host : 'a.com' ,
178+ cert : { subject : { CN : [ '' ] } } ,
179+ error : 'Host: a.com. is not cert\'s CN: '
180+ } ,
161181
162182 // DNS names and CN
163183 {
@@ -212,6 +232,46 @@ const tests = [
212232 } ,
213233
214234 // DNS names
235+ {
236+ host : 'a.com' ,
237+ cert : {
238+ subjectaltname : 'DNS:' ,
239+ subject : { }
240+ } ,
241+ error : 'Host: a.com. is not in the cert\'s altnames: DNS:'
242+ } ,
243+ {
244+ host : 'bad.x.example.com' ,
245+ cert : {
246+ subjectaltname : 'DNS:bad..example.com' ,
247+ subject : { }
248+ } ,
249+ error : 'Host: bad.x.example.com. is not in the cert\'s altnames: DNS:bad..example.com'
250+ } ,
251+ {
252+ host : 'x.example.com' ,
253+ cert : {
254+ subjectaltname : 'DNS:caf\u00E9.example.com' , // "café.example.com"
255+ subject : { }
256+ } ,
257+ error : 'Host: x.example.com. is not in the cert\'s altnames: DNS:caf\u00E9.example.com'
258+ } ,
259+ {
260+ host : 'xbcd.a.com' ,
261+ cert : {
262+ subjectaltname : 'DNS:ab*cd.a.com' ,
263+ subject : { }
264+ } ,
265+ error : 'Host: xbcd.a.com. is not in the cert\'s altnames: DNS:ab*cd.a.com'
266+ } ,
267+ {
268+ host : 'x.example.com' ,
269+ cert : {
270+ subjectaltname : 'DNS:bad label.com' ,
271+ subject : { }
272+ } ,
273+ error : 'Host: x.example.com. is not in the cert\'s altnames: DNS:bad label.com'
274+ } ,
215275 {
216276 host : 'a.com' , cert : {
217277 subjectaltname : 'DNS:*.a.com' ,
@@ -261,6 +321,14 @@ const tests = [
261321 subject : { }
262322 }
263323 } ,
324+ {
325+ host : 'bxa.a.com' ,
326+ cert : {
327+ subjectaltname : 'DNS:b**.a.com' ,
328+ subject : { }
329+ } ,
330+ error : 'Host: bxa.a.com. is not in the cert\'s altnames: DNS:b**.a.com'
331+ } ,
264332 // URI names
265333 {
266334 host : 'a.b.a.com' , cert : {
0 commit comments