# HG changeset patch
# User masneyb
# Date 1153358458 0
# Node ID 4ad80d524ddac8143ceb474edcab747b18381295
# Parent 8ed30ec92aae1423f5526bc8bbdbec23c6446ddb
2006-7-19 Brian Masney * lib/sslcommon.c - added support for wildcard SSL certificates (from Kai Blaschke ) (closes #339663)
diff -r 8ed30ec92aae -r 4ad80d524dda ChangeLog
--- a/ChangeLog Sun Jul 16 15:02:15 2006 +0000
+++ b/ChangeLog Thu Jul 20 01:20:58 2006 +0000
@@ -1,3 +1,7 @@
+2006-7-19 Brian Masney
+ * lib/sslcommon.c - added support for wildcard SSL certificates (from
+ Kai Blaschke ) (closes #339663)
+
 2006-7-13 Brian Masney * src/gtk/bookmarks.c src/gtk/delete_dialog.c src/gtk/dnd.c src/gtk/gftp-gtk.c src/gtk/gftp-gtk.h src/gtk/gtkui.c
@@ -3415,7 +3419,7 @@
 * cvsclean - added this script
- * *.[ch] - added $Id: ChangeLog,v 1.440 2006/07/14 01:53:41 masneyb Exp $ tags
+ * *.[ch] - added $Id: ChangeLog,v 1.441 2006/07/20 01:20:58 masneyb Exp $ tags
 * debian/* - updated files from Debian maintainer
diff -r 8ed30ec92aae -r 4ad80d524dda lib/sslcommon.c
--- a/lib/sslcommon.c Sun Jul 16 15:02:15 2006 +0000
+++ b/lib/sslcommon.c Thu Jul 20 01:20:58 2006 +0000
@@ -182,7 +182,18 @@
 X509_NAME_get_text_by_NID (subj, NID_commonName, data, 256) > 0)
 {
 data[sizeof (data) - 1] = '\0';
- if (strcasecmp (data, request->hostname) != 0)
+ /* Check for wildcard CN (must begin with *.) */
+ if (strncmp (data, "*.", 2) == 0)
+ {
+ size_t hostname_len = strlen (data) - 1;
+ if (strlen (request->hostname) > hostname_len &&
+ strcasecmp (&(data[1]), &(request->hostname[strlen (request->hostname) - hostname_len])) == 0)
+ ok = 1;
+ }
+ else if (strcasecmp (data, request->hostname) == 0)
+ ok = 1;
+
+ if (!ok)
 {
 request->logging_function (gftp_logging_error, request, _("ERROR: The host in the SSL certificate (%s) does not match the host that we connected to (%s). Aborting connection.\n"),
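Review bot: The wildcard branch added in lib/sslcommon.c accepts any hostname that merely ends with the text after the `*`, so a CN of, for example, `*.example.com` also validates `a.b.example.com`, and a CN such as `*.com` validates every host under that suffix. The usual rule (RFC 2818 / RFC 6125) is that the wildcard stands for exactly one left-most label. The check should therefore also require that the part of `request->hostname` in front of the matched suffix contains no dot, and that the suffix itself names at least two labels, as sketched below. The enclosing function starts and ends outside the hunk, so the initial value of `ok` is not visible here; neither is whether the `X509_NAME_get_text_by_NID` return value is compared with `strlen (data)` to reject a CN with an embedded NUL, and both should be confirmed.

```c
      /* Check for wildcard CN (must begin with *.) */
      if (strncmp (data, "*.", 2) == 0)
        {
          const char *suffix = data + 1;
          size_t suffix_len = strlen (suffix);
          size_t host_len = strlen (request->hostname);

          /* The wildcard covers exactly one label: the suffix must name at
             least two labels, and the hostname part in front of it must be
             non-empty and must not contain a dot. */
          if (strchr (suffix + 1, '.') != NULL &&
              host_len > suffix_len &&
              memchr (request->hostname, '.', host_len - suffix_len) == NULL &&
              strcasecmp (suffix, request->hostname + host_len - suffix_len) == 0)
            ok = 1;
        }
      /* … unchanged: exact-match else branch and the if (!ok) error path … */
```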