BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard.
authorEmeric Brun <ebrun@exceliance.fr>
Tue, 8 Oct 2013 09:39:35 +0000 (11:39 +0200)
committerWilly Tarreau <w@1wt.eu>
Thu, 10 Oct 2013 09:33:27 +0000 (11:33 +0200)
RFC6125 does not specify whether a wildcard matches an empty string, but
classical browser implementations do.
After the fix, foo*bar.exemple.com matches foobar.exemple.com.

src/ssl_sock.c

index ecbd6f54aa9cd48d80261e152dd283c984c54159..06c744a55cf05a107bdd3aed097b29d7d10576be 100644 (file)
@@ -811,7 +811,7 @@ static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
 
        /* Make sure the leftmost label of the hostname is long enough
         * that the wildcard can match */
-       if (hostname_left_label_end - hostname < pattern_left_label_end - pattern)
+       if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
                return 0;
 
        /* Finally compare the string on either side of the
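Review bot: The comment above the changed comparison still reads as if the wildcard has to consume at least one character, while the new bound subtracts the `*` itself and so allows it to match nothing. It should say so, for example `/* The '*' may match zero characters (RFC 6125 leaves this open, browsers allow it), so the hostname label needs at least the pattern label's length minus one */`. With a pattern label that is only `*` the bound becomes 0, so a hostname whose leftmost label is empty passes this guard. Whether such a name is rejected earlier is not visible in the hunk; if it is not, an explicit `if (hostname_left_label_end == hostname) return 0;` would keep the certificate match from widening further than intended. ssl_sock_srv_hostcheck starts and ends outside the hunk.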