bug65729.phpt

Michael Wallner Tue, 08 Oct 2013 07:00:57 -0700

Commit:    6106896440572dd8093acdd11ea691a07d9b169c
Author:    datibbaw <datib...@php.net>         Tue, 8 Oct 2013 10:07:54 +0800
Parents:   39c0daeb71f76ce22dc604bda8a063319fd55e59
Branches:  master


Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=6106896440572dd8093acdd11ea691a07d9b169c

Log:
DNS name comparison is now case insensitive.

Changed paths:
  M  ext/openssl/openssl.c
  M  ext/openssl/tests/bug65729.phpt


Diff:
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 2b34570..15cf798 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4834,7 +4834,7 @@ static zend_bool php_openssl_match_cn(const char 
*subjectname, const char *certn
        char *wildcard;
        int prefix_len, suffix_len, subject_len;
 
-       if (strcmp(subjectname, certname) == 0) {
+       if (strcasecmp(subjectname, certname) == 0) {
                return 1;
        }
 
@@ -4844,7 +4844,7 @@ static zend_bool php_openssl_match_cn(const char 
*subjectname, const char *certn
 
        // 1) prefix, if not empty, must match subject
        prefix_len = wildcard - certname;
-       if (prefix_len && strncmp(subjectname, certname, prefix_len) != 0) {
+       if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) {
                return 0;
        }
 
@@ -4854,7 +4854,7 @@ static zend_bool php_openssl_match_cn(const char 
*subjectname, const char *certn
                /* 2) suffix must match
                 * 3) no . between prefix and suffix
                 **/
-               return strcmp(wildcard + 1, subjectname + subject_len - 
suffix_len) == 0 &&
+               return strcasecmp(wildcard + 1, subjectname + subject_len - 
suffix_len) == 0 &&
                        memchr(subjectname + prefix_len, '.', subject_len - 
suffix_len - prefix_len) == NULL;
        }
 
diff --git a/ext/openssl/tests/bug65729.phpt b/ext/openssl/tests/bug65729.phpt
index 7008f3c..c0ee444 100644
--- a/ext/openssl/tests/bug65729.phpt
+++ b/ext/openssl/tests/bug65729.phpt
@@ -13,7 +13,7 @@ stream_context_set_option($context, 'ssl', 
'allow_self_signed', true);
 $server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
        STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
 
-$expected_names = array('foo.test.com.sg', 'foo.test.com', 'foo.bar.test.com');
+$expected_names = array('foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 
'foo.bar.test.com');
 
 $pid = pcntl_fork();
 if ($pid == -1) {
@@ -44,6 +44,7 @@ Warning: stream_socket_client(): Failed to enable crypto in 
%s on line %d
 Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 
(Unknown error) in %s on line %d
 bool(false)
 resource(%d) of type (stream)
+resource(%d) of type (stream)
 
 Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not 
match expected CN=`foo.bar.test.com' in %s on line %d


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] com php-src: DNS name comparison is now case insensitive.: ext/openssl/openssl.c ext/openssl/tests/bug65729.phpt

Reply via email to