- Multi-domain certificates support wildcards as well
diff --git a/library/x509parse.c b/library/x509parse.c
index af98843..2852643 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -2971,12 +2971,12 @@
return flags;
}
-int x509_wildcard_verify( const char *cn, x509_name *name )
+int x509_wildcard_verify( const char *cn, x509_buf *name )
{
size_t i;
size_t cn_idx = 0;
- if( name->val.len < 3 || name->val.p[0] != '*' || name->val.p[1] != '.' )
+ if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
return( 0 );
for( i = 0; i < strlen( cn ); ++i )
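Review bot: The new `name` parameter can be const-qualified, since the lines visible in this hunk only read `name->len` and `name->p`: `int x509_wildcard_verify( const char *cn, const x509_buf *name )`. The function is not declared `static` here, so the type change also alters an externally visible signature and any prototype in a header has to change with it. A short comment above the definition would help too, for example `/* Returns 1 if cn matches the wildcard pattern in name ("*.example.com"), 0 otherwise */`. The function body continues outside this hunk, so the const suggestion assumes nothing further down writes through `name`.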
@@ -2991,8 +2991,8 @@
if( cn_idx == 0 )
return( 0 );
- if( memcmp( name->val.p + 1, cn + cn_idx, name->val.len - 1 ) == 0 &&
- strlen( cn ) - cn_idx == name->val.len - 1 )
+ if( memcmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 &&
+ strlen( cn ) - cn_idx == name->len - 1 )
{
return( 1 );
}
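Review bot: The rewritten condition still calls `memcmp` over `name->len - 1` bytes before checking that the rest of `cn` is that long. Because `name->len` comes from the certificate, a pattern longer than the remaining host name lets `memcmp` read past the end of `cn`. Swapping the operands makes the length test short-circuit the comparison: `if( strlen( cn ) - cn_idx == name->len - 1 &&` followed by `memcmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )`. The start of the function and the loop that sets `cn_idx` lie outside this hunk.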
@@ -3037,7 +3037,7 @@
break;
if( memcmp( name->val.p, "*.", 2 ) == 0 &&
- x509_wildcard_verify( cn, name ) )
+ x509_wildcard_verify( cn, &name->val ) )
break;
}
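Review bot: The `memcmp( name->val.p, "*.", 2 )` pre-check reads two bytes without any visible test that the buffer holds two. The subjectAltName check added in the next hunk, `memcmp( cur->buf.p, "*.", 2 )`, has the same problem, so a certificate entry that is empty or one byte long would be over-read unless a length check sits outside these hunks. `x509_wildcard_verify` already rejects `len < 3` and checks for the leading `*.` itself, so the pre-check is redundant. Both sites can be reduced to `if( x509_wildcard_verify( cn, &name->val ) )` and `if( x509_wildcard_verify( cn, &cur->buf ) )`. The enclosing loops start outside both hunks.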
@@ -3056,6 +3056,10 @@
cur->buf.len == cn_len )
break;
+ if( memcmp( cur->buf.p, "*.", 2 ) == 0 &&
+ x509_wildcard_verify( cn, &cur->buf ) )
+ break;
+
cur = cur->next;
}
}