subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bre...@apache.org
Subject svn commit: r1515996 - in /subversion/branches/1.7.x: ./ STATUS subversion/libsvn_ra_serf/util.c
Date Tue, 20 Aug 2013 22:28:10 GMT
Author: breser
Date: Tue Aug 20 22:28:10 2013
New Revision: 1515996

URL: http://svn.apache.org/r1515996
Log:
Merge r1514763 from trunk:

 * r1514763
   ra_serf: Use case-insensitive hostname comparision when validating server
   certificate as it specified in RFC 2459.
   Justification:
     SSL certificate with uppercase letters considired as untrusted. Regression
     from neon.
   Votes:
     +1: rhuijben, stefan2, breser

Modified:
    subversion/branches/1.7.x/   (props changed)
    subversion/branches/1.7.x/STATUS
    subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c

Propchange: subversion/branches/1.7.x/
------------------------------------------------------------------------------
  Merged /subversion/trunk:r1514763

Modified: subversion/branches/1.7.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1515996&r1=1515995&r2=1515996&view=diff
==============================================================================
--- subversion/branches/1.7.x/STATUS (original)
+++ subversion/branches/1.7.x/STATUS Tue Aug 20 22:28:10 2013
@@ -119,11 +119,3 @@ Veto-blocked changes:
 Approved changes:
 =================
 
- * r1514763
-   ra_serf: Use case-insensitive hostname comparision when validating server
-   certificate as it specified in RFC 2459.
-   Justification:
-     SSL certificate with uppercase letters considired as untrusted. Regression
-     from neon.
-   Votes:
-     +1: rhuijben, stefan2, breser

Modified: subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c?rev=1515996&r1=1515995&r2=1515996&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c Tue Aug 20 22:28:10 2013
@@ -242,11 +242,12 @@ ssl_server_cert(void *baton, int failure
       for (i = 0; i < san->nelts; i++) {
           char *s = APR_ARRAY_IDX(san, i, char*);
           if (apr_fnmatch(s, conn->hostname,
-                          APR_FNM_PERIOD) == APR_SUCCESS) {
+                          APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_SUCCESS)
+            {
               found_matching_hostname = 1;
               cert_info.hostname = s;
               break;
-          }
+            }
       }
   }
 
@@ -254,7 +255,7 @@ ssl_server_cert(void *baton, int failure
   if (!found_matching_hostname && cert_info.hostname)
     {
       if (apr_fnmatch(cert_info.hostname, conn->hostname,
-                      APR_FNM_PERIOD) == APR_FNM_NOMATCH)
+                      APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_FNM_NOMATCH)
         {
           svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
         }



Mime
View raw message