Fixed X.509 hostname comparison (with non-regular characters)
In situations with 'weird' certificate names or hostnames (containing non-western allowed names) the check would falsely report a name or wildcard match.
This commit is contained in:
Paul Bakker
parent
c245834bc4
commit
f2b4d86452
@ -1,5 +1,9 @@
|
|||||||
PolarSSL ChangeLog (Sorted per branch, date)
|
PolarSSL ChangeLog (Sorted per branch, date)
|
||||||
|
|
||||||
|
= PolarSSL 1.3 branch
|
||||||
|
Bugfix
|
||||||
|
* Fixed X.509 hostname comparison (with non-regular characters)
|
||||||
|
|
||||||
= PolarSSL 1.3.2 released on 2013-11-04
|
= PolarSSL 1.3.2 released on 2013-11-04
|
||||||
Features
|
Features
|
||||||
* PK tests added to test framework
|
* PK tests added to test framework
|
||||||
|
|||||||
@ -1273,11 +1273,15 @@ static int x509_name_cmp( const void *s1, const void *s2, size_t len )
|
|||||||
{
|
{
|
||||||
diff = n1[i] ^ n2[i];
|
diff = n1[i] ^ n2[i];
|
||||||
|
|
||||||
if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
|
if( diff == 0 )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
|
if( diff == 32 &&
|
||||||
|
( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
|
||||||
|
( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
|
||||||
|
{
|
||||||
continue;
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
return( 1 );
|
return( 1 );
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user