httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r572630 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/ssl/ssl_engine_init.c
Date Tue, 04 Sep 2007 11:44:14 GMT
Author: jim
Date: Tue Sep  4 04:44:14 2007
New Revision: 572630

URL: http://svn.apache.org/viewvc?rev=572630&view=rev
Log:
Merge r378487 from trunk:

* modules/ssl/ssl_engine_init.c (ssl_check_public_cert): Fix spurious
hostname-mismatch warning for valid wildcard certs.

PR: 37911
Submitted by: Nick Burch <nick torchbox.com>

Submitted by: jorton
Reviewed by: jim

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=572630&r1=572629&r2=572630&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Sep  4 04:44:14 2007
@@ -1,6 +1,9 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.6
 
+  *) mod_ssl: Fix spurious hostname mismatch warning for valid
+     wildcard certificates.  PR 37911.  [Nick Burch <nick torchbox.com>]
+
   *) mod_mem_cache: Increase the minimum and default value for
      MCacheMinObjectSize from 0 to 1, as a MCacheMinObjectSize of 0 does not
      make sense and leads to a division by zero.  PR 40576.

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=572630&r1=572629&r2=572630&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Sep  4 04:44:14 2007
@@ -80,14 +80,6 @@
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
 
-    * mod_ssl: Fix spurious hostname-mismatch warning for valid wildcard certs.
-      PR 37911.
-      Trunk version of patch:
-         http://svn.apache.org/viewcvs.cgi?rev=378487&view=rev
-      Backport version for 2.2.x of patch:
-         Trunk version of patch works
-      +1: rpluem, fielding, jim
-
     * mod_info: mod_info outputs invalid XHTML 1.0 Transitional.
       PR 42847.
       Trunk version of patch:

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=572630&r1=572629&r2=572630&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Tue Sep  4 04:44:14 2007
@@ -826,14 +826,14 @@
     if (SSL_X509_getCN(ptemp, cert, &cn)) {
         int fnm_flags = APR_FNM_PERIOD|APR_FNM_CASE_BLIND;
 
-        if (apr_fnmatch_test(cn) &&
-            (apr_fnmatch(cn, s->server_hostname,
-                         fnm_flags) == APR_FNM_NOMATCH))
-        {
-            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-                         "%s server certificate wildcard CommonName (CN) `%s' "
-                         "does NOT match server name!?",
-                         ssl_asn1_keystr(type), cn);
+        if (apr_fnmatch_test(cn)) {
+            if (apr_fnmatch(cn, s->server_hostname,
+                            fnm_flags) == APR_FNM_NOMATCH) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+                             "%s server certificate wildcard CommonName "
+                             "(CN) `%s' does NOT match server name!?",
+                             ssl_asn1_keystr(type), cn);
+            }
         }
         else if (strNE(s->server_hostname, cn)) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,



Mime
View raw message