From: Joe Orton Date: Mon, 19 Aug 2013 19:17:14 +0000 (+0000) Subject: Merge 1082189 from trunk: X-Git-Tag: 2.2.26~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e83d89159060b9f7ec739db7b6f5a1ce1fed8fc8;p=thirdparty%2Fapache%2Fhttpd.git Merge 1082189 from trunk: * modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Compare SNI hostname against Host header case-insensitively. PR: 49491 Submitted by: Mayank Agrawal Reviewed by: rpluem, trawick, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1515565 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 05bba12d88c..0a507427f8d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.26 + *) mod_ssl: Check SNI hostname against Host header case-insensitively. + PR 49491. [Mayank Agrawal ] + *) mod_ssl: Change default for SSLCompression to off, as compression causes security issues in most setups. (The so called "CRIME" attack). [Stefan Fritsch] diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index efe8c5a7526..6cb20879be5 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -115,7 +115,7 @@ int ssl_hook_ReadReq(request_rec *r) if (rv != APR_SUCCESS || scope_id) { return HTTP_BAD_REQUEST; } - if (strcmp(host, servername)) { + if (strcasecmp(host, servername)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "Hostname %s provided via SNI and hostname %s provided" " via HTTP are different", servername, host);
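Review bot: In the CHANGES hunk, the new entry reads "Check SNI hostname against Host header case-insensitively", which suggests a check is being introduced, while the code change only alters how the existing comparison in ssl_hook_ReadReq is performed. The commit message's wording, "Compare SNI hostname against Host header case-insensitively", is the more accurate one to use here. The entry could also state the effect an administrator will see: a request whose Host header differs from the SNI name only in letter case no longer takes the "Hostname %s provided via SNI and hostname %s provided via HTTP are different" error path.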
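Review bot: At the changed condition in ssl_hook_ReadReq, `if (strcasecmp(host, servername)) {` depends on the process locale for its case folding (POSIX leaves the result unspecified outside the POSIX locale), whereas hostnames are case-insensitive over ASCII letters only. Since this comparison decides whether the SNI name and the Host header are treated as the same host, an ASCII-only case-insensitive comparison would keep the outcome identical on every deployment regardless of locale settings. A short comment above the `if` saying that DNS names compare case-insensitively would also record why this is not a plain `strcmp`, so the check is not tightened again by mistake later.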