Posted to cvs@httpd.apache.org by jo...@apache.org on 2006/02/17 12:43:45 UTC

svn commit: r378487 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c

Author: jorton
Date: Fri Feb 17 03:43:37 2006
New Revision: 378487

URL: http://svn.apache.org/viewcvs?rev=378487&view=rev
Log:
* modules/ssl/ssl_engine_init.c (ssl_check_public_cert): Fix spurious
hostname-mismatch warning for valid wildcard certs.

PR: 37911
Submitted by: Nick Burch <nick torchbox.com>

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=378487&r1=378486&r2=378487&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Feb 17 03:43:37 2006
@@ -2,6 +2,9 @@
 Changes with Apache 2.3.0
   [Remove entries to the current 2.0 and 2.2 section below, when backported]
 
+  *) mod_ssl: Fix spurious hostname mismatch warning for valid
+     wildcard certificates.  PR 37911.  [Nick Burch <nick torchbox.com>]
+
   *) mod_proxy: Fix KeepAlives not being allowed and set to
      backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski]
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=378487&r1=378486&r2=378487&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Feb 17 03:43:37 2006
@@ -856,14 +856,14 @@
     if (SSL_X509_getCN(ptemp, cert, &cn)) {
         int fnm_flags = APR_FNM_PERIOD|APR_FNM_CASE_BLIND;
 
-        if (apr_fnmatch_test(cn) &&
-            (apr_fnmatch(cn, s->server_hostname,
-                         fnm_flags) == APR_FNM_NOMATCH))
-        {
-            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-                         "%s server certificate wildcard CommonName (CN) `%s' "
-                         "does NOT match server name!?",
-                         ssl_asn1_keystr(type), cn);
+        if (apr_fnmatch_test(cn)) {
+            if (apr_fnmatch(cn, s->server_hostname,
+                            fnm_flags) == APR_FNM_NOMATCH) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+                             "%s server certificate wildcard CommonName "
+                             "(CN) `%s' does NOT match server name!?",
+                             ssl_asn1_keystr(type), cn);
+            }
         }
         else if (strNE(s->server_hostname, cn)) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
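Review bot: The wildcard branch's `apr_fnmatch(cn, s->server_hostname, fnm_flags)` applies shell-glob rules, which are looser than certificate wildcard matching: `*` is not confined to a single DNS label, and `?` or `[...]` in a CN are also treated as pattern characters. With constructed sample names, a CN of `*.example.com` would pass silently for a server name of `a.b.example.com`, which clients following RFC 2818 would be expected to reject. This check only emits a startup warning, so the effect is a missed diagnostic rather than a bypass; either add a comment above the call such as `/* glob match is advisory: '*' may span labels, unlike RFC 2818 wildcard rules */`, or restrict the match to the left-most label. Separately, the unchanged `else if (strNE(s->server_hostname, cn))` branch looks case-sensitive (assuming `strNE` wraps `strcmp`) while the wildcard branch passes `APR_FNM_CASE_BLIND`, so exact names that differ only in case would still warn. The enclosing function, ssl_check_public_cert, starts and ends outside the hunk.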