* modules/ssl/ssl_engine_init.c (ssl_check_public_cert): Fix spurious
authorJoe Orton <jorton@apache.org>
Fri, 17 Feb 2006 11:43:37 +0000 (11:43 +0000)
committerJoe Orton <jorton@apache.org>
Fri, 17 Feb 2006 11:43:37 +0000 (11:43 +0000)
hostname-mismatch warning for valid wildcard certs.

PR: 37911
Submitted by: Nick Burch <nick torchbox.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@378487 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/ssl/ssl_engine_init.c

diff --git a/CHANGES b/CHANGES
index 419fe2fa9253a6f7d57d4e17860125f0f83c3bd3..3b3a73aaf51052d87babbfe278829528cc3cc9b3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 Changes with Apache 2.3.0
   [Remove entries to the current 2.0 and 2.2 section below, when backported]
 
+  *) mod_ssl: Fix spurious hostname mismatch warning for valid
+     wildcard certificates.  PR 37911.  [Nick Burch <nick torchbox.com>]
+
   *) mod_proxy: Fix KeepAlives not being allowed and set to
      backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski]
 
index 54c85fd7415a372eae14616d469b3e4f5190d2f2..da33ef9a154928125afb41d67bae71ee2abea280 100644 (file)
@@ -856,14 +856,14 @@ static void ssl_check_public_cert(server_rec *s,
     if (SSL_X509_getCN(ptemp, cert, &cn)) {
         int fnm_flags = APR_FNM_PERIOD|APR_FNM_CASE_BLIND;
 
-        if (apr_fnmatch_test(cn) &&
-            (apr_fnmatch(cn, s->server_hostname,
-                         fnm_flags) == APR_FNM_NOMATCH))
-        {
-            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-                         "%s server certificate wildcard CommonName (CN) `%s' "
-                         "does NOT match server name!?",
-                         ssl_asn1_keystr(type), cn);
+        if (apr_fnmatch_test(cn)) {
+            if (apr_fnmatch(cn, s->server_hostname,
+                            fnm_flags) == APR_FNM_NOMATCH) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+                             "%s server certificate wildcard CommonName "
+                             "(CN) `%s' does NOT match server name!?",
+                             ssl_asn1_keystr(type), cn);
+            }
         }
         else if (strNE(s->server_hostname, cn)) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
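Review bot: The `apr_fnmatch(cn, s->server_hostname, fnm_flags)` test inside the new `if (apr_fnmatch_test(cn))` branch applies shell-glob rules, which are looser than the wildcard matching TLS clients usually perform: `APR_FNM_PERIOD` only guards a leading dot, so `*` can span several DNS labels, and a CN containing `?` or `[` is also treated as a pattern. A certificate with CN `*.example.com` (constructed example) on a vhost named `a.b.example.com` would therefore produce no warning here, even though clients that limit `*` to a single label would reject it. Because this check only drives a configuration warning, the effect is a missed diagnostic rather than an authentication bypass, but it deserves a comment above the call, e.g. `/* advisory only: glob match lets '*' span labels, unlike client-side wildcard matching */`. ssl_check_public_cert starts and continues outside the hunk, so whether subjectAltName entries are compared elsewhere cannot be seen from here.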