Return-Path: 
 <commits-return-32246-apmail-subversion-commits-archive=subversion.apache.org@subversion.apache.org>
X-Original-To: apmail-subversion-commits-archive@minotaur.apache.org
Delivered-To: apmail-subversion-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 760F91054B
	for <apmail-subversion-commits-archive@minotaur.apache.org>;
 Tue, 20 Aug 2013 22:28:31 +0000 (UTC)
Received: (qmail 58410 invoked by uid 500); 20 Aug 2013 22:28:31 -0000
Delivered-To: apmail-subversion-commits-archive@subversion.apache.org
Received: (qmail 58387 invoked by uid 500); 20 Aug 2013 22:28:31 -0000
Mailing-List: contact commits-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@subversion.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@subversion.apache.org>
List-Post: <mailto:commits@subversion.apache.org>
List-Id: <commits.subversion.apache.org>
Reply-To: dev@subversion.apache.org
Delivered-To: mailing list commits@subversion.apache.org
Received: (qmail 58379 invoked by uid 99); 20 Aug 2013 22:28:31 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 20 Aug 2013 22:28:31 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 20 Aug 2013 22:28:30 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id 9953D2388A29;
	Tue, 20 Aug 2013 22:28:10 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1515996 - in /subversion/branches/1.7.x: ./ STATUS
 subversion/libsvn_ra_serf/util.c
Date: Tue, 20 Aug 2013 22:28:10 -0000
To: commits@subversion.apache.org
From: breser@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20130820222810.9953D2388A29@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: breser
Date: Tue Aug 20 22:28:10 2013
New Revision: 1515996

URL: http://svn.apache.org/r1515996
Log:
Merge r1514763 from trunk:

 * r1514763
   ra_serf: Use case-insensitive hostname comparision when validating server
   certificate as it specified in RFC 2459.
   Justification:
     SSL certificate with uppercase letters considired as untrusted. Regression
     from neon.
   Votes:
     +1: rhuijben, stefan2, breser

Modified:
    subversion/branches/1.7.x/   (props changed)
    subversion/branches/1.7.x/STATUS
    subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c

Propchange: subversion/branches/1.7.x/
------------------------------------------------------------------------------
  Merged /subversion/trunk:r1514763

Modified: subversion/branches/1.7.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/STATUS?rev=1515996&r1=1515995&r2=1515996&view=diff
==============================================================================
--- subversion/branches/1.7.x/STATUS (original)
+++ subversion/branches/1.7.x/STATUS Tue Aug 20 22:28:10 2013
@@ -119,11 +119,3 @@ Veto-blocked changes:
 Approved changes:
 =================
 
- * r1514763
-   ra_serf: Use case-insensitive hostname comparision when validating server
-   certificate as it specified in RFC 2459.
-   Justification:
-     SSL certificate with uppercase letters considired as untrusted. Regression
-     from neon.
-   Votes:
-     +1: rhuijben, stefan2, breser

Modified: subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c?rev=1515996&r1=1515995&r2=1515996&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_ra_serf/util.c Tue Aug 20 22:28:10 2013
@@ -242,11 +242,12 @@ ssl_server_cert(void *baton, int failure
       for (i = 0; i < san->nelts; i++) {
           char *s = APR_ARRAY_IDX(san, i, char*);
           if (apr_fnmatch(s, conn->hostname,
-                          APR_FNM_PERIOD) == APR_SUCCESS) {
+                          APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_SUCCESS)
+            {
               found_matching_hostname = 1;
               cert_info.hostname = s;
               break;
-          }
+            }
       }
   }
 
@@ -254,7 +255,7 @@ ssl_server_cert(void *baton, int failure
   if (!found_matching_hostname && cert_info.hostname)
     {
       if (apr_fnmatch(cert_info.hostname, conn->hostname,
-                      APR_FNM_PERIOD) == APR_FNM_NOMATCH)
+                      APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_FNM_NOMATCH)
         {
           svn_failures |= SVN_AUTH_SSL_CNMISMATCH;
         }