
Rustls-webpki tightens certificate checks after URI and wildcard flaws

Two certificate-validation bugs in rustls-webpki let URI constraints slip through and wildcards overreach, raising the stakes for Rustls trust checks.

Jamie Taylor

A pair of flaws in rustls-webpki cut straight into the trust machinery that Rustls users depend on every day. The crate, which Rustls uses for certificate-related TLS tasks, tightened its checks on April 15 after reports filed the day before showed that URI name constraints had been accepted when they should have been rejected, and that DNS subtree constraints could slip past validation for certificates asserting a wildcard name.

The URI case, tracked as RUSTSEC-2026-0098, found that name constraints for URI names were ignored and therefore accepted. Rustls-webpki now rejects URI name constraints unconditionally, and the project notes that the library does not even expose an API for asserting URI names. That makes the bug less about a feature users were actively relying on and more about defensive correctness in the code that decides whether a certificate should be trusted at all.

The second advisory, RUSTSEC-2026-0099, is the more obviously dangerous of the two because it involves wildcard semantics. RustSec said permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name, a combination that could let a certificate appear valid while drifting outside the intended constraint set. GitHub rated the wildcard issue Low with a 2.2 CVSS score, but the advisory still matters because the validator sits on the path to every Rustls-backed identity check. GitHub also said the affected version range started at 0.101.0, while RustSec listed patched releases as version 0.103.12 and 0.104.0-alpha.6 and earlier.
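To make the two rules concrete, here is an added, self-contained Rust checker that is not rustls-webpki's own code: it rejects any URI name constraint outright and permits a wildcard dNSName only when everything the wildcard could match lies inside a permitted DNS subtree. The advisories above do not spell out the exact faulty logic, so this models the correct rule rather than reproducing the bug; the `Permitted` struct, `ConstraintError` enum and helper names are assumptions for the example.

```rust
// Added example, not rustls-webpki code. Names below are assumptions.

#[derive(Debug, PartialEq)]
pub enum ConstraintError {
    UriConstraintsUnsupported,
    NameOutsideSubtree,
}

/// Permitted-subtree name constraints carried by a CA certificate (modelled).
pub struct Permitted<'a> {
    pub dns: &'a [&'a str],
    pub uri: &'a [&'a str],
}

/// RFC 5280 4.2.1.10: a dNSName subtree "example.com" covers itself and any
/// name that adds labels on the left, such as "a.example.com".
fn dns_in_subtree(name: &str, subtree: &str) -> bool {
    let (n, s) = (name.to_ascii_lowercase(), subtree.to_ascii_lowercase());
    n == s || n.ends_with(format!(".{s}").as_str())
}

/// Check one asserted dNSName (possibly "*.suffix") against the constraints.
pub fn check_dns_name(name: &str, permitted: &Permitted) -> Result<(), ConstraintError> {
    // Any URI constraint is rejected unconditionally: with no API for
    // asserting URI names there is nothing the validator could enforce,
    // so silently ignoring the constraint would be the unsafe choice.
    if !permitted.uri.is_empty() {
        return Err(ConstraintError::UriConstraintsUnsupported);
    }
    // No DNS subtree means the dNSName type is unconstrained.
    if permitted.dns.is_empty() {
        return Ok(());
    }
    // For "*.suffix" the suffix itself must sit inside a permitted subtree,
    // otherwise the wildcard also matches hosts the constraint never allowed
    // (e.g. "*.com" or "*.example.com" against "foo.example.com").
    let effective = name.strip_prefix("*.").unwrap_or(name);
    if permitted.dns.iter().any(|s| dns_in_subtree(effective, s)) {
        Ok(())
    } else {
        Err(ConstraintError::NameOutsideSubtree)
    }
}
```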

Both advisories were credited to 1seal, and both were described as reachable only after signature verification and requiring misissuance to exploit. That narrows the real-world attack surface, but it does not make the bugs trivial. Misissuance is exactly the kind of failure certificate-path validation is supposed to contain, which is why logic errors in this layer can have outsized ecosystem impact compared with an ordinary crate bug. GitHub described the wildcard problem as very similar to CVE-2025-61727, underscoring that this family of mistakes has already shown up before.

Rustls-webpki’s own scope helps explain why these fixes matter so much. The library is intentionally minimal, handling trust anchors, certificate parsing, path building, and name and usage validation, but not self-signed certificates or certificate generation. Its security policy also backports fixes only to semver-compatible release lines from the last two years, which is why multiple patch tracks can exist at once for downstream maintainers to follow. A March 20 advisory on CRL processing showed that certificate-path correctness was already an active concern, and these April fixes extend that run of hardening at the center of Rust’s TLS stack.
