[Lynx-dev] [PATCH] wildcard matching for SSL cert CN
From: Thorsten Glaser
Subject: [Lynx-dev] [PATCH] wildcard matching for SSL cert CN
Date: Wed, 21 Jul 2004 17:11:37 +0000
Hello people,

the SSL certificate CN optimizer strikes back, part 2:
in the first episode, I was annoyed that a server with HTTPS on
a non-default port was not matched correctly - that code has been
in for quite some time now.

But look what happens when you go to www.cvshome.org - you are
redirected to https://www.cvshome.org/ which has got an SSL
certificate of *.cvshome.org - apparently using wildcards.

Since I don't think it's "bad to have", am able to implement
it (hopefully correctly) and tested that, I think we should
take this diff even if I didn't look into the standards.

Hostnames are, as usual, matched case-insensitively but not
locale-specific (they're quite limited, character-wise,
anyway).

Have fun!
Index: HTString.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTString.c,v
retrieving revision 1.1.3.4
retrieving revision 1.4
diff -d -u -r1.1.3.4 -r1.4
--- HTString.c 15 Jul 2004 15:46:43 -0000 1.1.3.4
+++ HTString.c 21 Jul 2004 17:05:52 -0000 1.4
@@ -155,6 +157,37 @@
return ((long) n < 0 ? 0 : cm[*us1] - cm[*--us2]);
}
+int strcasecomp_asterisk(const char *a, const char *b)
+{
+ unsigned char *cm = charmap;
+ unsigned char *us1 = (unsigned char *) a;
+ unsigned char *us2 = (unsigned char *) b;
+
+ if ((*a != '*') && (*b != '*'))
+ return strcasecomp(a, b);
+
+ if (*b == '*') {
+ us1 = us2;
+ us2 = (unsigned char *) a;
+ }
+
+ if (strlen(us2) < (strlen(us1) - 1))
+ return 1;
+
+ while (*++us1 != '\0')
+ ;
+ while (*++us2 != '\0')
+ ;
+
+ while (1) {
+ if (cm[*--us1] != cm[*--us2])
+ return 1;
+ if ((*--us1) == '*')
+ return 0;
+ --us2;
+ }
+}
+
#else /* SH_EX */
/* Strings of any length
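Review bot: the final loop in this SH_EX variant moves both pointers twice per pass, so it does not compare every character. `cm[*--us1] != cm[*--us2]` already pre-decrements both pointers, and `(*--us1) == '*'` followed by `--us2` moves them again, so only alternate positions are compared and the bytes in between are tested only for being `*`. When the leading `*` of the pattern lands on the compare step instead of the `*` test and happens to compare equal, the following `*--us1` reads before the start of the string. The non-SH_EX copy compares `*us1` and `*us2` without decrementing; using `cm[*us1] != cm[*us2]` here would make the two variants behave the same.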
@@ -201,6 +234,36 @@
return diff;
}
/*NOTREACHED */
+}
+
+int strcasecomp_asterisk(const char *a, const char *b)
+{
+ unsigned char *us1 = (unsigned char *) a;
+ unsigned char *us2 = (unsigned char *) b;
+
+ if ((*a != '*') && (*b != '*'))
+ return strcasecomp(a, b);
+
+ if (*b == '*') {
+ us1 = us2;
+ us2 = (unsigned char *) a;
+ }
+
+ if (strlen(us2) < (strlen(us1) - 1))
+ return 1;
+
+ while (*++us1 != '\0')
+ ;
+ while (*++us2 != '\0')
+ ;
+
+ while (1) {
+ if (TOLOWER(*us1) != TOLOWER(*us2))
+ return 1;
+ if ((*--us1) == '*')
+ return 0;
+ --us2;
+ }
}
#endif /* SH_EX */
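Review bot: the backward scan returns 0 as soon as `(*--us1) == '*'` is true, without looking at what is left at the front of us2, so the wildcard is not limited to a single label. With `*.cvshome.org` as the pattern, `a.b.cvshome.org` and `.cvshome.org` both match, and a bare `*` matches any non-empty name. RFC 2818 section 3.1 has `*.a.com` match `foo.a.com` but not `bar.foo.a.com`; suggest checking, before `return 0`, that the unmatched prefix of us2 is non-empty and contains no `.`. Two smaller points in the same function: `strlen()` is called on `unsigned char *` without a cast, and an empty us2 against the pattern `*` passes the length check, after which `*++us2` steps past its terminator.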
Index: HTString.h
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTString.h,v
retrieving revision 1.1.3.4
retrieving revision 1.4
diff -d -u -r1.1.3.4 -r1.4
--- HTString.h 15 Jul 2004 15:46:12 -0000 1.1.3.4
+++ HTString.h 21 Jul 2004 17:05:53 -0000 1.4
@@ -42,10 +44,15 @@
extern int strcasecomp8(const char *a, const char *b);
extern int strncasecomp8(const char *a, const char *b, int n);
+extern int strcasecomp_asterisk(const char *a, const char *b);
+
/*
* strcasecomp8 and strncasecomp8 are variants of strcasecomp and
* strncasecomp, but use 8bit upper/lower case information from the
* current display charset
+ * strcasecomp_asterisk does a comparision from right IF AND ONLY
+ * IF one of the values starts with an asterisk wildcard, and then
+ * it only returns if the strings are equal (0) or not (1)
*/
/*
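Review bot: the three added comment lines sit inside the block that describes strcasecomp8 and strncasecomp8, after the declaration they refer to, and they leave out what a caller most needs to know: that a leading `*` in either argument is taken as the wildcard, and what the `*` is allowed to match. Suggest a separate comment directly above the `strcasecomp_asterisk` declaration that states both, and correcting the spelling of "comparision" while there.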
Index: HTTP.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v
retrieving revision 1.1.3.5
retrieving revision 1.7
diff -d -u -r1.1.3.5 -r1.7
--- HTTP.c 15 Jul 2004 15:47:10 -0000 1.1.3.5
+++ HTTP.c 21 Jul 2004 17:05:53 -0000 1.7
@@ -602,7 +604,7 @@
ssl_host = HTParse(url, "", PARSE_HOST);
if ((p = strchr(ssl_host, ':')) != NULL)
*p = '\0';
- if (strcasecomp(ssl_host, cert_host)) {
+ if (strcasecomp_asterisk(ssl_host, cert_host)) {
HTSprintf0(&msg,
gettext("SSL error:host(%s)!=cert(%s)-Continue?"),
ssl_host,
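Review bot: `ssl_host` is taken from the URL and passed as the first argument, while strcasecomp_asterisk treats a leading `*` in either argument as the pattern, so a URL host that begins with `*` is matched as a wildcard against the certificate name. Suggest honouring the wildcard only on the certificate side, for example by making the function take the pattern as a fixed parameter, or by testing `*cert_host == '*'` at this call site and falling back to plain `strcasecomp` otherwise.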
//Thorsten
--
Currently blocking eMail from the following domains: bigpond.com, biz, gmx.de,
gmx.net, hotmail.com, info, jumpy.it, libero.it, name, netscape.net,
postino.it, simplesnet.pt, spymac.com, tatanova.com, tiscali.co.uk,
tiscali.cz, tiscali.de, tiscali.it, voila.fr, yahoo.co.uk, yahoo.com.