Commit: 6106896440572dd8093acdd11ea691a07d9b169c Author: datibbaw <datib...@php.net> Tue, 8 Oct 2013 10:07:54 +0800 Parents: 39c0daeb71f76ce22dc604bda8a063319fd55e59 Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=6106896440572dd8093acdd11ea691a07d9b169c Log: DNS name comparison is now case insensitive. Changed paths: M ext/openssl/openssl.c M ext/openssl/tests/bug65729.phpt Diff: diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 2b34570..15cf798 100644 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -4834,7 +4834,7 @@ static zend_bool php_openssl_match_cn(const char *subjectname, const char *certn char *wildcard; int prefix_len, suffix_len, subject_len; - if (strcmp(subjectname, certname) == 0) { + if (strcasecmp(subjectname, certname) == 0) { return 1; } @@ -4844,7 +4844,7 @@ static zend_bool php_openssl_match_cn(const char *subjectname, const char *certn // 1) prefix, if not empty, must match subject prefix_len = wildcard - certname; - if (prefix_len && strncmp(subjectname, certname, prefix_len) != 0) { + if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) { return 0; } @@ -4854,7 +4854,7 @@ static zend_bool php_openssl_match_cn(const char *subjectname, const char *certn /* 2) suffix must match * 3) no . between prefix and suffix **/ - return strcmp(wildcard + 1, subjectname + subject_len - suffix_len) == 0 && + return strcasecmp(wildcard + 1, subjectname + subject_len - suffix_len) == 0 && memchr(subjectname + prefix_len, '.', subject_len - suffix_len - prefix_len) == NULL; } diff --git a/ext/openssl/tests/bug65729.phpt b/ext/openssl/tests/bug65729.phpt index 7008f3c..c0ee444 100644 --- a/ext/openssl/tests/bug65729.phpt +++ b/ext/openssl/tests/bug65729.phpt @@ -13,7 +13,7 @@ stream_context_set_option($context, 'ssl', 'allow_self_signed', true); $server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context); -$expected_names = array('foo.test.com.sg', 'foo.test.com', 'foo.bar.test.com'); +$expected_names = array('foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com'); $pid = pcntl_fork(); if ($pid == -1) { @@ -44,6 +44,7 @@ Warning: stream_socket_client(): Failed to enable crypto in %s on line %d Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d bool(false) resource(%d) of type (stream) +resource(%d) of type (stream) Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.bar.test.com' in %s on line %d -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php