John Nagle schrieb:
> Question: Is a certificate for "*.example.com" considered valid for
> OpenSSL seems to say no, but Firefox 2 says yes. Try
> "https://stanford.edu" for a test.
IIRC OpenSSL does not accept wildcards at all in s_client. The library
itself does not make any decision wether a name in a certificate matches
the (host-)name the application tried to connect to.
RFC2459 is waaayyyy obsolete, it has been replaced by RFC3280, and
then by RFC5280. It can't discuss wildcards, since it's an SSL-only
use case. Same goes for the X.509 standard (which is free to download
in PDF format).