Fixed X.509 hostname comparison (with non-regular characters)
diff --git a/ChangeLog b/ChangeLog
index 27a6747..92a7e28 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
Changes
* Introduced POLARSSL_HAVE_READDIR_R for systems without it
+Bugfix
+ * Fixed X.509 hostname comparison (with non-regular characters)
+
= Version 1.2.10 released 2013-10-07
Changes
* Changed RSA blinding to a slower but thread-safe version
diff --git a/library/x509parse.c b/library/x509parse.c
index 42eaf58..26d655f 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3281,11 +3281,15 @@
{
diff = n1[i] ^ n2[i];
- if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
+ if( diff == 0 )
continue;
- if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
+ if( diff == 32 &&
+ ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
+ ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
+ {
continue;
+ }
return( 1 );
}