Message-ID: <20060217114347.22433.qmail@minotaur.apache.org>
Subject: svn commit: r378487 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c
Date: Fri, 17 Feb 2006 11:43:45 -0000
To: cvs@httpd.apache.org
From: jorton@apache.org X-Mailer: svnmailer-1.0.6 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: jorton Date: Fri Feb 17 03:43:37 2006 New Revision: 378487 URL: http://svn.apache.org/viewcvs?rev=378487&view=rev Log: * modules/ssl/ssl_engine_init.c (ssl_check_public_cert): Fix spurious hostname-mismatch warning for valid wildcard certs. PR: 37911 Submitted by: Nick Burch Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=378487&r1=378486&r2=378487&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Feb 17 03:43:37 2006 @@ -2,6 +2,9 @@ Changes with Apache 2.3.0 [Remove entries to the current 2.0 and 2.2 section below, when backported] + *) mod_ssl: Fix spurious hostname mismatch warning for valid + wildcard certificates. PR 37911. [Nick Burch ] + *) mod_proxy: Fix KeepAlives not being allowed and set to backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski] Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=378487&r1=378486&r2=378487&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Feb 17 03:43:37 2006 
@@ -856,14 +856,14 @@ if (SSL_X509_getCN(ptemp, cert, &cn)) { int fnm_flags = APR_FNM_PERIOD|APR_FNM_CASE_BLIND; - if (apr_fnmatch_test(cn) && - (apr_fnmatch(cn, s->server_hostname, - fnm_flags) == APR_FNM_NOMATCH)) - { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, - "%s server certificate wildcard CommonName (CN) `%s' " - "does NOT match server name!?", - ssl_asn1_keystr(type), cn); + if (apr_fnmatch_test(cn)) { + if (apr_fnmatch(cn, s->server_hostname, + fnm_flags) == APR_FNM_NOMATCH) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, + "%s server certificate wildcard CommonName " + "(CN) `%s' does NOT match server name!?", + ssl_asn1_keystr(type), cn); + } } else if (strNE(s->server_hostname, cn)) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
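Review bot: The inner `apr_fnmatch(cn, s->server_hostname, fnm_flags)` test in the new `if (apr_fnmatch_test(cn))` branch of ssl_engine_init.c still runs with only `APR_FNM_PERIOD|APR_FNM_CASE_BLIND`, so `*` is treated as a shell glob and can span dots: a CN of `*.example.com` passes here for a server name with several labels in front of `example.com`, which TLS clients that restrict the wildcard to a single label would not accept. Because this branch only logs at `APLOG_WARNING`, the effect is a missed mismatch warning rather than anything enforced, but it would be worth comparing label by label for wildcard CNs, or at least saying in a comment that the match is looser than client-side wildcard handling. A short comment on the nesting would also help, stating that a wildcard CN must never fall through to the `else if (strNE(s->server_hostname, cn))` comparison, so the two conditions are not merged back into one `&&` later.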