Fixed X.509 hostname comparison (with non-regular characters)

In situations with 'weird' certificate names or hostnames (containing non-western allowed names) the check would falsely report a name or wildcard match.
2013-11-20 17:23:53 +01:00 · 2013-11-20 17:23:53 +01:00 · f2b4d86452
commit f2b4d86452
parent c245834bc4
2 changed files with 10 additions and 2 deletions
--- a/4
+++ b/4
@ -1,5 +1,9 @@
 PolarSSL ChangeLog (Sorted per branch, date)

+= PolarSSL 1.3 branch
+Bugfix
+   * Fixed X.509 hostname comparison (with non-regular characters)
+
 = PolarSSL 1.3.2 released on 2013-11-04
 Features
   * PK tests added to test framework
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -1273,11 +1273,15 @@ static int x509_name_cmp( const void *s1, const void *s2, size_t len )
    {
        diff = n1[i] ^ n2[i];

-        if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
+        if( diff == 0 )
            continue;

-        if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
+        if( diff == 32 &&
+            ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
+              ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
+        {
            continue;
+        }

        return( 1 );
    }