Fedora Account System
Red Hat Associate
Red Hat Customer
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.
This issue has been addressed in the following products: Cryostat 4 on RHEL 9 Via RHSA-2026:14391 https://access.redhat.com/errata/RHSA-2026:14391
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19135 https://access.redhat.com/errata/RHSA-2026:19135
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19144 https://access.redhat.com/errata/RHSA-2026:19144
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19353 https://access.redhat.com/errata/RHSA-2026:19353
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:19719 https://access.redhat.com/errata/RHSA-2026:19719
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:19721 https://access.redhat.com/errata/RHSA-2026:19721
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:19720 https://access.redhat.com/errata/RHSA-2026:19720