-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_ssl: Match wildcard SSL certificate names in proxy mode.
+ PR 53006. [Joe Orton]
+
*) WinNT MPM: Store pid and generation for each thread in scoreboard
to allow tracking of threads from exiting children via mod_status
or other such mechanisms. [Jeff Trawick]
if ((sc->proxy_ssl_check_peer_cn != SSL_ENABLED_FALSE) &&
hostname_note) {
const char *hostname;
+ int match = 0;
hostname = ssl_var_lookup(NULL, server, c, NULL,
"SSL_CLIENT_S_DN_CN");
apr_table_unset(c->notes, "proxy-request-hostname");
- if (strcasecmp(hostname, hostname_note)) {
+
+ /* Do string match or simplest wildcard match if that
+ * fails. */
+ match = strcasecmp(hostname, hostname_note) == 0;
+ if (!match && strncmp(hostname, "*.", 2) == 0) {
+ const char *p = ap_strchr_c(hostname_note, '.');
+
+ match = p && strcasecmp(p, hostname + 1) == 0;
+ }
+
+ if (!match) {
ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02005)
"SSL Proxy: Peer certificate CN mismatch:"
" Certificate CN: %s Requested hostname: %s",
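Review bot: The wildcard branch (the `strncmp(hostname, "*.", 2)` test and the `strcasecmp(p, hostname + 1)` comparison) puts no constraint on what follows `*.` in the certificate CN or on the label the wildcard stands for, so a CN such as `*.com` is accepted for every host directly under that suffix, and a requested name with an empty first label or a dotted IP literal can also satisfy the match. I would require a non-empty left-most label and at least one further dot in the wildcard suffix, e.g. `match = p && p != hostname_note && ap_strchr_c(hostname + 2, '.') && strcasecmp(p, hostname + 1) == 0;`, and skip the wildcard branch when `hostname_note` parses as an IP address. The comment should spell out the rule actually implemented (`*` only as the whole left-most label, standing for exactly one label) instead of "simplest wildcard match". As far as these lines show, the check still compares only the subject CN and not subjectAltName entries; the enclosing block starts and ends outside the hunk.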