From 472af806ce859b6b00249550027c2c9fa149453b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 21 Nov 2012 14:10:48 +0000 Subject: [PATCH] Submitted by: Florian Weimer PR: 2909 Update test cases to cover internal error return values. Remove IDNA wildcard filter. --- crypto/x509v3/v3_utl.c | 7 +------ crypto/x509v3/v3nametest.c | 28 ++++++++++++++++++++-------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index ffd9f0d577..de43c2fb3b 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -719,12 +719,7 @@ static const unsigned char *wildcard_find_star(const unsigned char *pattern, static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, const unsigned char *subject, size_t subject_len) { - const unsigned char *star; - /* Do not match IDNA names. */ - if (subject_len >=4 && memcmp(subject, "xn--", 4) == 0) - star = NULL; - else - star = wildcard_find_star(pattern, pattern_len); + const unsigned char *star = wildcard_find_star(pattern, pattern_len); if (star == NULL) return equal_nocase(pattern, pattern_len, subject, subject_len); diff --git a/crypto/x509v3/v3nametest.c b/crypto/x509v3/v3nametest.c index 5bf1201c6e..aa0d29c3da 100644 --- a/crypto/x509v3/v3nametest.c +++ b/crypto/x509v3/v3nametest.c @@ -24,6 +24,7 @@ static const char *const exceptions[] = "set CN: host: [*.example.com] matches [a.example.com]", "set CN: host: [*.example.com] matches [b.example.com]", "set CN: host: [*.example.com] matches [www.example.com]", + "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]", "set CN: host: [test.*.example.com] does not match [test.*.example.com]", "set CN: host: [test.*.example.com] matches [test.www.example.com]", "set CN: host: [*.www.example.com] does not match [*.www.example.com]", 
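Review bot: In equal_wildcard (crypto/x509v3/v3_utl.c), dropping the `xn--` guard sends every IDNA A-label subject through the same wildcard path as an ordinary label, and nothing visible in this hunk limits that to whole-label patterns such as `*.example.com`. RFC 6125 section 6.4.3 advises against matching a wildcard embedded inside an A-label, so whether a partial-label pattern can now match `xn--rger-koa.example.com` depends entirely on wildcard_find_star, which lies outside the hunk. I would record that dependency where the guard used to be, for example `/* IDNA subjects are not special-cased here; wildcard_find_star() decides which patterns are valid. */`. The two expectations added to v3nametest.c cover only the whole-label match, so a negative case for a partial-label pattern against the A-label name would pin the intended behaviour. The body of equal_wildcard continues past the end of the hunk.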
@@ -36,6 +37,7 @@ static const char *const exceptions[] = "set dnsName: host: [*.example.com] does not match [*.example.com]", "set dnsName: host: [*.example.com] matches [a.example.com]", "set dnsName: host: [*.example.com] matches [b.example.com]", + "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]", "set dnsName: host: [*.www.example.com] matches [test.www.example.com]", "set dnsName: host: [*.www.example.com] does not match [*.www.example.com]", "set dnsName: host: [test.*.example.com] matches [test.www.example.com]", @@ -273,28 +275,38 @@ static void run_cert(X509 *crt, const char *nameincert, ret = X509_check_host(crt, (const unsigned char *)name, namelen, 0); match = -1; - if (fn->host) + if (ret < 0) { - if (ret && !samename) + fprintf(stderr, "internal error in X509_check_host"); + ++errors; + } + else if (fn->host) + { + if (ret == 1 && !samename) match = 1; - if (!ret && samename) + if (ret == 0 && samename) match = 0; } - else if (ret) + else if (ret == 1) match = 1; check_message(fn, "host", nameincert, match, *pname); ret = X509_check_host(crt, (const unsigned char *)name, namelen, X509_CHECK_FLAG_NO_WILDCARDS); match = -1; - if (fn->host) + if (ret < 0) { - if (ret && !samename) + fprintf(stderr, "internal error in X509_check_host"); + ++errors; + } + else if (fn->host) + { + if (ret == 1 && !samename) match = 1; - if (!ret && samename) + if (ret == 0 && samename) match = 0; } - else if (ret) + else if (ret == 1) match = 1; check_message(fn, "host-no-wildcards", nameincert, match, *pname); -- 2.40.0
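Review bot: Both new `ret < 0` branches in run_cert print the same text with no trailing newline, so a failure is glued to the next line on stderr and cannot be attributed to the wildcard call, the no-wildcards call, or a particular certificate name. Something like `fprintf(stderr, "internal error in X509_check_host (no wildcards): [%s]\n", nameincert);` for the second call, and the same without the parenthesised part for the first, would fix that. In the error branch `match` stays -1 and check_message still runs; what check_message does with -1 is not visible here, so it is worth confirming that an internal error cannot also be counted as an expected "no match" result. The two if/else ladders are identical apart from the flag and the label, and run_cert starts and ends outside the hunk, so a small static helper that maps `ret` to `match` may be a cleaner home for this logic.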