changeset 769:4ad80d524dda

2006-7-19 Brian Masney <masneyb@gftp.org> * lib/sslcommon.c - added support for wildcard SSL certificates (from Kai Blaschke <webmaster@thw-theorie.de>) (closes #339663)
author masneyb
date Thu, 20 Jul 2006 01:20:58 +0000
parents 8ed30ec92aae
children eeb471438232
files ChangeLog lib/sslcommon.c
diffstat 2 files changed, 17 insertions(+), 2 deletions(-) [+]
--- a/ChangeLog	Sun Jul 16 15:02:15 2006 +0000
+++ b/ChangeLog	Thu Jul 20 01:20:58 2006 +0000
@@ -1,3 +1,7 @@
+2006-7-19 Brian Masney <masneyb@gftp.org>
+	* lib/sslcommon.c - added support for wildcard SSL certificates (from
+	Kai Blaschke <webmaster@thw-theorie.de>) (closes #339663)
+
 2006-7-13 Brian Masney <masneyb@gftp.org>
 	* src/gtk/bookmarks.c src/gtk/delete_dialog.c src/gtk/dnd.c
 	src/gtk/gftp-gtk.c src/gtk/gftp-gtk.h src/gtk/gtkui.c
@@ -3415,7 +3419,7 @@
 
 	* cvsclean - added this script
 
-	* *.[ch] - added $Id: ChangeLog,v 1.440 2006/07/14 01:53:41 masneyb Exp $ tags
+	* *.[ch] - added $Id: ChangeLog,v 1.441 2006/07/20 01:20:58 masneyb Exp $ tags
 
 	* debian/* - updated files from Debian maintainer
 
--- a/lib/sslcommon.c	Sun Jul 16 15:02:15 2006 +0000
+++ b/lib/sslcommon.c	Thu Jul 20 01:20:58 2006 +0000
@@ -182,7 +182,18 @@
       X509_NAME_get_text_by_NID (subj, NID_commonName, data, 256) > 0)
     {
       data[sizeof (data) - 1] = '\0';
-      if (strcasecmp (data, request->hostname) != 0)
+      /* Check for wildcard CN (must begin with *.) */
+      if (strncmp (data, "*.", 2) == 0)
+        {
+          size_t hostname_len = strlen (data) - 1;
+          if (strlen (request->hostname) > hostname_len &&
+              strcasecmp (&(data[1]), &(request->hostname[strlen (request->hostname) - hostname_len])) == 0)
+            ok = 1;
+        }
+      else if (strcasecmp (data, request->hostname) == 0)
+        ok = 1;
+      
+      if (!ok)
         {
           request->logging_function (gftp_logging_error, request,
                                      _("ERROR: The host in the SSL certificate (%s) does not match the host that we connected to (%s). Aborting connection.\n"),
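Review bot: The wildcard branch starting at `if (strncmp (data, "*.", 2) == 0)` accepts any hostname that merely ends with the CN's suffix, so the `*` is not limited to a single label and the suffix is not required to be a real domain. As written, a CN of `*.example.com` would match `a.b.example.com`, and a CN of `*.com` would match every `.com` host; the usual rule (RFC 2818) is that the wildcard covers exactly one leftmost label. I would require that the suffix after `*` contains a further dot and that the part of `request->hostname` replaced by the wildcard contains none, as sketched below. Separately, the length returned by `X509_NAME_get_text_by_NID` is only tested for `> 0` in the context line above; comparing it with `strlen (data)` would reject a CN carrying an embedded NUL before any string comparison runs. The enclosing function and the condition these lines belong to start outside the hunk, so how `ok` is initialised cannot be confirmed from here.

```c
      /* Check for wildcard CN (must begin with *.) */
      if (strncmp (data, "*.", 2) == 0)
        {
          const char *suffix = &(data[1]);              /* e.g. ".example.com" */
          size_t suffix_len = strlen (suffix);
          size_t host_len = strlen (request->hostname);

          /* The wildcard stands for exactly one non-empty label, and the
             suffix must itself contain a dot (rejects "*." and "*.com"). */
          if (strchr (suffix + 1, '.') != NULL &&
              host_len > suffix_len &&
              memchr (request->hostname, '.', host_len - suffix_len) == NULL &&
              strcasecmp (suffix, request->hostname + host_len - suffix_len) == 0)
            ok = 1;
        }
      /* … unchanged: exact-match else branch and the !ok error path … */
```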