mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 06:11:32 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard.

Browse Source 
RFC6125 does not specify if wildcard matches empty strings but
classical browsers implementations does.
After the fix foo*bar.exemple.om matches foobar.exemple.com.
This commit is contained in:
Emeric Brun 2013-10-08 11:39:35 +02:00 committed by Willy Tarreau
parent a848dae3f0
commit 369da8565a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_sock.c
View File

@ -811,7 +811,7 @@ static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
/* Make sure the leftmost label of the hostname is long enough
* that the wildcard can match */
if (hostname_left_label_end - hostname < pattern_left_label_end - pattern)
if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
return 0;
/* Finally compare the string on either side of the