Commit 16768191c739e6478db95b80a51753dfd0662302
2012-05-17T21:16:59
ssl: match host names according to RFC 2818 (HTTP over TLS)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
diff --git a/src/netops.c b/src/netops.c
index ff0d6d7..2f12710 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -194,13 +194,11 @@ int gitno_ssl_teardown(git_transport *t)
#ifdef GIT_OPENSSL
-/*
- * This function is based on the one from the cURL project
- */
+/* Match host names according to RFC 2818 rules */
static int match_host(const char *pattern, const char *host)
{
for (;;) {
- char c = *pattern++;
+ char c = tolower(*pattern++);
if (c == '\0')
return *host ? -1 : 0;
@@ -211,14 +209,24 @@ static int match_host(const char *pattern, const char *host)
if (c == '\0')
return 0;
- while (*host) {
- if (match_host(pattern, host++) == 0)
- return 0;
+ /*
+ * We've found a pattern, so move towards the next matching
+ * char. The '.' is handled specially because wildcards aren't
+ * allowed to cross subdomains.
+ */
+
+ while(*host) {
+ char h = tolower(*host);
+ if (c == h)
+ return match_host(pattern, host++);
+ if (h == '.')
+ return match_host(pattern, host);
+ host++;
}
- break;
+ return -1;
}
- if (tolower(c) != tolower(*host++))
+ if (c != tolower(*host++))
return -1;
}