* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Compare SNI

author Joe Orton <jorton@apache.org>

Wed, 16 Mar 2011 16:32:04 +0000 (16:32 +0000)

committer Joe Orton <jorton@apache.org>

Wed, 16 Mar 2011 16:32:04 +0000 (16:32 +0000)
author Joe Orton <jorton@apache.org>
Wed, 16 Mar 2011 16:32:04 +0000 (16:32 +0000)
committer Joe Orton <jorton@apache.org>
Wed, 16 Mar 2011 16:32:04 +0000 (16:32 +0000)
diff --git a/CHANGES b/CHANGES

index 628f01d7266115d8d5d2219b97b2354b9fd12b6f..fdc20dcf09fe150093ee28cd8fe553406974dbe5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
  
  Changes with Apache 2.3.12
  
+  *) mod_ssl: Check SNI hostname against Host header case-insensitively.
+     PR 49491.  [Mayank Agrawal <magrawal.08 gmail.com>]
+
    *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
       of bound backend LDAP connections.  PR47634 [Eric Covener]
     
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c

index e8df047352da8348545188eb26c9733f226d4058..d50214bc76498f60cdb27a2f6d0c501d9623cfa9 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -202,7 +202,7 @@ int ssl_hook_ReadReq(request_rec *r)
          if (rv != APR_SUCCESS || scope_id) {
              return HTTP_BAD_REQUEST;
          }
-        if (strcmp(host, servername)) {
+        if (strcasecmp(host, servername)) {
              ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                          "Hostname %s provided via SNI and hostname %s provided"
                          " via HTTP are different", servername, host);
author	Joe Orton <jorton@apache.org>
	Wed, 16 Mar 2011 16:32:04 +0000 (16:32 +0000)
committer	Joe Orton <jorton@apache.org>
	Wed, 16 Mar 2011 16:32:04 +0000 (16:32 +0000)
CHANGES		patch \| blob \| history
modules/ssl/ssl_engine_kernel.c		patch \| blob \| history