Hello people, the SSL certificate CN optimizer strikes back, part 2:
in the first episode, I was annoyed that a server with HTTPS on a non-default port was not matched correctly - that code is in since quite some time now. But look what happens when you go to www.cvshome.org - you are redirected to https://www.cvshome.org/ which has got an SSL certificate of *.cvshome.org - apparently using wildcards. Since I don't think it's "bad to have", am able to implement it (hopefully correctly) and tested that, I think we should take this diff even if I didn't look into the standards. Hostnames are, as usual, matched case-insensitive but not locale-specific (they're quite limited, character-wise, anyway). Have fun! Index: HTString.c =================================================================== RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTString.c,v retrieving revision 1.1.3.4 retrieving revision 1.4 diff -d -u -r1.1.3.4 -r1.4 --- HTString.c 15 Jul 2004 15:46:43 -0000 1.1.3.4 +++ HTString.c 21 Jul 2004 17:05:52 -0000 1.4 @@ -155,6 +157,37 @@ return ((long) n < 0 ? 0 : cm[*us1] - cm[*--us2]); } +int strcasecomp_asterisk(const char *a, const char *b) +{ + unsigned char *cm = charmap; + unsigned char *us1 = (unsigned char *) a; + unsigned char *us2 = (unsigned char *) b; + + if ((*a != '*') && (*b != '*')) + return strcasecomp(a, b); + + if (*b == '*') { + us1 = us2; + us2 = (unsigned char *) a; + } + + if (strlen(us2) < (strlen(us1) - 1)) + return 1; + + while (*++us1 != '\0') + ; + while (*++us2 != '\0') + ; + + while (1) { + if (cm[*--us1] != cm[*--us2]) + return 1; + if ((*--us1) == '*') + return 0; + --us2; + } +} + #else /* SH_EX */ /* Strings of any length 
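Review bot: In the SH_EX copy the final loop moves both pointers twice per pass (`cm[*--us1] != cm[*--us2]` pre-decrements, then `*--us1` and `--us2` step again), so only every second character of the two names is compared and the `'*'` test only sees alternate positions of the pattern. A host and a certificate name that differ in a skipped position therefore still return 0, and for some string lengths the asterisk test never lands on the first byte, so the pointers can run before the start of the strings. The non-SH_EX copy added in the next hunk compares without decrementing, and this one should do the same: `if (cm[*us1] != cm[*us2])`. `strlen()` is also handed `unsigned char *` here; a cast to `const char *` avoids the pointer-signedness mismatch.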
@@ -201,6 +234,36 @@ return diff; } /*NOTREACHED */ +} + +int strcasecomp_asterisk(const char *a, const char *b) +{ + unsigned char *us1 = (unsigned char *) a; + unsigned char *us2 = (unsigned char *) b; + + if ((*a != '*') && (*b != '*')) + return strcasecomp(a, b); + + if (*b == '*') { + us1 = us2; + us2 = (unsigned char *) a; + } + + if (strlen(us2) < (strlen(us1) - 1)) + return 1; + + while (*++us1 != '\0') + ; + while (*++us2 != '\0') + ; + + while (1) { + if (TOLOWER(*us1) != TOLOWER(*us2)) + return 1; + if ((*--us1) == '*') + return 0; + --us2; + } } #endif /* SH_EX */ Index: HTString.h =================================================================== RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTString.h,v retrieving revision 1.1.3.4 retrieving revision 1.4 diff -d -u -r1.1.3.4 -r1.4 --- HTString.h 15 Jul 2004 15:46:12 -0000 1.1.3.4 +++ HTString.h 21 Jul 2004 17:05:53 -0000 1.4 @@ -42,10 +44,15 @@ extern int strcasecomp8(const char *a, const char *b); extern int strncasecomp8(const char *a, const char *b, int n); +extern int strcasecomp_asterisk(const char *a, const char *b); + /* * strcasecomp8 and strncasecomp8 are variants of strcasecomp and * strncasecomp, but use 8bit upper/lower case information from the * current display charset + * strcasecomp_asterisk does a comparision from right IF AND ONLY + * IF one of the values starts with an asterisk wildcard, and then + * it only returns if the strings are equal (0) or not (1) */ /* Index: HTTP.c =================================================================== RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v retrieving revision 1.1.3.5 retrieving revision 1.7 diff -d -u -r1.1.3.5 -r1.7 --- HTTP.c 15 Jul 2004 15:47:10 -0000 1.1.3.5 +++ HTTP.c 21 Jul 2004 17:05:53 -0000 1.7 
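Review bot: The match stops as soon as any `*` is reached in the pattern and never looks at what the asterisk stands for, so a certificate name of `*` or `*.org` is accepted for every host under it and `*.cvshome.org` also covers names with several extra labels; RFC 2818 section 3.1 limits the wildcard to a single name component. With a pattern of exactly `*` and an empty other string, `while (*++us2 != '\0')` also starts reading one byte past the terminator. The SH_EX copy in the first hunk shares both problems. The sketch below treats only `b` as a pattern (the one call visible in this patch passes the certificate name there), requires `*.` followed by a suffix that itself contains a dot, and rejects a dot in the part covered by the asterisk; other callers, if any, are outside this patch and would need checking.

```c
int strcasecomp_asterisk(const char *a, const char *b)
{
    const char *host = a;       /* literal name, e.g. taken from the URL */
    const char *pat = b;        /* name that may start with a wildcard */
    size_t hlen, slen;

    if (*pat != '*')
        return strcasecomp(host, pat);

    /* accept only "*.<suffix>" where the suffix itself contains a dot */
    if (pat[1] != '.' || strchr(pat + 2, '.') == NULL)
        return 1;

    hlen = strlen(host);
    slen = strlen(pat + 1);     /* length of ".<suffix>" */
    if (hlen <= slen)
        return 1;               /* '*' must cover at least one character */

    /* '*' stands for exactly one label: no dot in the covered part */
    if (memchr(host, '.', hlen - slen) != NULL)
        return 1;

    return strcasecomp(host + (hlen - slen), pat + 1) != 0;
}
```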
@@ -602,7 +604,7 @@ ssl_host = HTParse(url, "", PARSE_HOST); if ((p = strchr(ssl_host, ':')) != NULL) *p = '\0'; - if (strcasecomp(ssl_host, cert_host)) { + if (strcasecomp_asterisk(ssl_host, cert_host)) { HTSprintf0(&msg, gettext("SSL error:host(%s)!=cert(%s)-Continue?"), ssl_host, //Thorsten -- Currently blocking eMail from the following domains: bigpond.com, biz, gmx.de, gmx.net, hotmail.com, info, jumpy.it, libero.it, name, netscape.net, postino.it, simplesnet.pt, spymac.com, tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.de, tiscali.it, voila.fr, yahoo.co.uk, yahoo.com. _______________________________________________ Lynx-dev mailing list [EMAIL PROTECTED] http://lists.nongnu.org/mailman/listinfo/lynx-dev
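Review bot: Nothing at this call site records which argument is allowed to carry the wildcard, and the new helper honours a leading `*` in either one, so a URL host that begins with `*` is treated as a pattern against the certificate name. Only `cert_host` should be able to act as a pattern; until the helper enforces that, a guard here such as `if (*ssl_host == '*' || strcasecomp_asterisk(ssl_host, cert_host)) {` keeps the mismatch prompt for such hosts. A short comment on the call, for example `/* cert_host may be "*.domain"; ssl_host is the literal host from the URL */`, would make the argument order explicit. The enclosing function begins and ends outside the hunk, so how `cert_host` is taken from the certificate is not visible here.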
