Posted to cvs@httpd.apache.org by jo...@apache.org on 2013/08/19 21:17:14 UTC

svn commit: r1515565 - in /httpd/httpd/branches/2.2.x: ./ CHANGES modules/ssl/ssl_engine_kernel.c

Author: jorton
Date: Mon Aug 19 19:17:14 2013
New Revision: 1515565

URL: http://svn.apache.org/r1515565
Log:
Merge 1082189 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Compare SNI
  hostname against Host header case-insensitively.

PR: 49491
Submitted by: Mayank Agrawal <magrawal.08 gmail.com>
Reviewed by: rpluem, trawick, covener

Modified:
    httpd/httpd/branches/2.2.x/   (props changed)
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c

Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1082189

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1515565&r1=1515564&r2=1515565&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Mon Aug 19 19:17:14 2013
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.26
 
+  *) mod_ssl: Check SNI hostname against Host header case-insensitively.
+     PR 49491.  [Mayank Agrawal <magrawal.08 gmail.com>]
+
   *) mod_ssl: Change default for SSLCompression to off, as compression
      causes security issues in most setups. (The so called "CRIME" attack).
      [Stefan Fritsch]
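
Review bot: The added entry "*) mod_ssl: Check SNI hostname against Host header case-insensitively." names the code change but not the symptom an administrator would have seen. The ssl_engine_kernel.c hunk in this same commit shows the mismatch path logging "Hostname %s provided via SNI and hostname %s provided via HTTP are different" at APLOG_ERR, so the entry could say that a Host header differing from the SNI name only in letter case no longer takes that path. That makes the entry searchable for anyone who has that message in their error log.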

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c?rev=1515565&r1=1515564&r2=1515565&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c Mon Aug 19 19:17:14 2013
@@ -115,7 +115,7 @@ int ssl_hook_ReadReq(request_rec *r)
         if (rv != APR_SUCCESS || scope_id) {
             return HTTP_BAD_REQUEST;
         }
-        if (strcmp(host, servername)) {
+        if (strcasecmp(host, servername)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                         "Hostname %s provided via SNI and hostname %s provided"
                         " via HTTP are different", servername, host);