Re: [Lynx-dev] [PATCH] wildcard matching for SSL cert CN

From: Gisle Vanem
Subject: Re: [Lynx-dev] [PATCH] wildcard matching for SSL cert CN
Date: Wed, 21 Jul 2004 19:28:39 +0200

"Thorsten Glaser" <address@hidden> said:

> But look what happens when you go to - you are
> redirected to which has got an SSL
> certificate of * - apparently using wildcards.
> Since I don't think it's "bad to have", am able to implement
> it (hopefully correctly) and tested that, I think we should
> take this diff even if I didn't look into the standards.
> Hostnames are, as usual, matched case-insensitive but not
> locale-specific (they're quite limited, character-wise,
> anyway).

Your patch is too simple, compared to other browsers that is.
Where '*' in other than 1st position or multiple '*' in CNs are accepted.
Your patch doesn't match e.g. "" against "www*".

I once made such a recursive function for libcurl. Feel free to use it in


#include <ctype.h>   /* toupper() */

/*
 * Match a hostname against a wildcard pattern.
 * E.g.
 *  "" matches "*".
 *
 * We are a bit more liberal than RFC2818 describes in that we
 * accept multiple "*" in pattern (similar to what some other browsers do).
 * E.g.
 *  "" should strictly not match "*", but we
 *  don't consider "." to be important in CERT checking.
 */
#define HOST_NOMATCH 0
#define HOST_MATCH   1

static int hostmatch(const char *hostname, const char *pattern)
{
  while (1) {
    int c = *pattern++;

    if (c == '\0')
      return (*hostname ? HOST_NOMATCH : HOST_MATCH);

    if (c == '*') {
      c = *pattern;
      if (c == '\0')      /* "*\0" matches anything remaining */
        return HOST_MATCH;

      /* Try the rest of the pattern at every remaining hostname offset */
      while (*hostname) {
        /* The only recursive function in libcurl! */
        if (hostmatch(hostname++,pattern) == HOST_MATCH)
          return HOST_MATCH;
      }
      return HOST_NOMATCH;
    }

    /* Cast to unsigned char: toupper() is undefined for negative values */
    if (toupper((unsigned char)c) != toupper((unsigned char)*hostname++))
      return HOST_NOMATCH;
  }
}


Loosely based on djgpp's fnmatch().
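
For contrast with the liberal matcher in the message above, here is a stricter variant in which "*" never matches a "." (an added example, not code from the thread, from Lynx or from libcurl). The name strict_hostmatch, the single-wildcard and leftmost-label restrictions, and the example.com names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive compare of n bytes; hostnames are treated as ASCII. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
  while (n--)
    if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++))
      return 0;
  return 1;
}

/* Returns 1 on match, 0 otherwise. A single "*" is honoured only in the
 * leftmost label of the pattern and never matches a ".". */
int strict_hostmatch(const char *hostname, const char *pattern)
{
  const char *star = strchr(pattern, '*');
  const char *pdot = strchr(pattern, '.');
  const char *hdot = strchr(hostname, '.');
  size_t pre, suf, hlabel;

  if (star == NULL)                 /* no wildcard: whole-name compare */
    return strlen(hostname) == strlen(pattern) &&
           eq_nocase(hostname, pattern, strlen(pattern));

  /* Reject "*" alone, "*" after the first dot, and a second "*". */
  if (!pdot || !hdot || star > pdot || strchr(star + 1, '*'))
    return 0;
  /* Everything from the first dot onward must be identical. */
  if (strlen(hdot) != strlen(pdot) || !eq_nocase(hdot, pdot, strlen(pdot)))
    return 0;

  pre = (size_t)(star - pattern);      /* literal text before "*" */
  suf = (size_t)(pdot - star) - 1;     /* literal text after "*" */
  hlabel = (size_t)(hdot - hostname);  /* length of host's first label */
  if (hlabel == 0 || hlabel < pre + suf)
    return 0;
  return eq_nocase(hostname, pattern, pre) &&
         eq_nocase(hdot - suf, pdot - suf, suf);
}

int main(void)
{
  /* Constructed sample names, not taken from the thread. */
  printf("%d\n", strict_hostmatch("foo.example.com", "*.example.com"));
  printf("%d\n", strict_hostmatch("a.b.example.com", "*.example.com"));
  return 0;
}
```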

