Author: ivan
Date: Fri Aug 16 15:54:29 2013
New Revision: 1514763
URL: http://svn.apache.org/r1514763
Log:
ra_serf: Use case-insensitive hostname comparision when validating server
certificate as it specified in RFC 2459.
* subversion/libsvn_ra_serf/util.c
(ssl_server_cert): Use APR_FNM_CASE_BLIND flag when matching
server certificate hostname.
Modified:
subversion/trunk/subversion/libsvn_ra_serf/util.c
Modified: subversion/trunk/subversion/libsvn_ra_serf/util.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_serf/util.c?rev=1514763&r1=1514762&r2=1514763&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/trunk/subversion/libsvn_ra_serf/util.c Fri Aug 16 15:54:29 2013
@@ -259,11 +259,12 @@ ssl_server_cert(void *baton, int failure
for (i = 0; i < san->nelts; i++) {
char *s = APR_ARRAY_IDX(san, i, char*);
if (apr_fnmatch(s, conn->session->session_url.hostname,
- APR_FNM_PERIOD) == APR_SUCCESS) {
+ APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_SUCCESS)
+ {
found_matching_hostname = 1;
cert_info.hostname = s;
break;
- }
+ }
}
}
@@ -271,7 +272,7 @@ ssl_server_cert(void *baton, int failure
if (!found_matching_hostname && cert_info.hostname)
{
if (apr_fnmatch(cert_info.hostname, conn->session->session_url.hostname,
- APR_FNM_PERIOD) == APR_FNM_NOMATCH)
+ APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_FNM_NOMATCH)
{
svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
}
