Skip to content

Cherry-pick #14542#14543

Merged
alex merged 5 commits into46.0.xfrom
ww/cherry
Mar 25, 2026
Merged

Cherry-pick #14542#14543
alex merged 5 commits into46.0.xfrom
ww/cherry

Conversation

@woodruffw
Copy link
Copy Markdown
Contributor

@woodruffw woodruffw commented Mar 25, 2026
edited
Loading

Also preps the release version.

@woodruffw
Further restrict DNS wildcards in name constraint matching (#14542)
80ff471 
* Further restruct DNS wildcards in name constraint matching

Signed-off-by: William Woodruff <william@yossarian.net>

* Bump limbo

Signed-off-by: William Woodruff <william@yossarian.net>

---------

Signed-off-by: William Woodruff <william@yossarian.net>
@woodruffw
CHANGELOG: record changes
58a4eb0 
Signed-off-by: William Woodruff <william@yossarian.net>
@woodruffw
Bump version to 46.0.6
6dc132c 
Signed-off-by: William Woodruff <william@yossarian.net>
@woodruffw woodruffw requested a review from alex March 25, 2026 23:02
@woodruffw woodruffw self-assigned this Mar 25, 2026
alex
alex reviewed Mar 25, 2026
View reviewed changes
CHANGELOG.rst Outdated

* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
to peer names during verification when the leaf certificate contains a
wildcard DNS SAN. **CVE-2026-34073**
Copy link
Copy Markdown
Member

@alex alex Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please credit the reporter (see other CVE entries)

also can you phrase this in a way that makes it clearer that it doesn't effect 99.999% of people

woodruffw and others added 2 commits March 25, 2026 19:08
@woodruffw
Bump x509-limbo and/or wycheproof in CI (#14127)
c321612 
* Bump x509-limbo and/or wycheproof in CI

* Skip 9 cabf::cn testcases

Signed-off-by: William Woodruff <william@yossarian.net>

---------

Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
@woodruffw
Add credit to CHANGELOG
7296f86 
Signed-off-by: William Woodruff <william@yossarian.net>
@woodruffw woodruffw marked this pull request as ready for review March 25, 2026 23:14
@alex alex enabled auto-merge (squash) March 25, 2026 23:20
@alex alex merged commit 91d7288 into 46.0.x Mar 25, 2026
122 checks passed
@alex alex deleted the ww/cherry branch March 25, 2026 23:24
@UTsweetyfish UTsweetyfish mentioned this pull request Mar 31, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alex alex alex approved these changes

Assignees

@woodruffw woodruffw

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@woodruffw @alex