Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CAs permitted/excluded DNS name constraints could be accepted.
The product does not validate, or incorrectly validates, a certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wolfssl | Wolfssl | 3.9.10 (including) | 5.9.2 (excluding) |
| Wolfssl | Ubuntu | questing | * |