lynx-dev

[Lynx-dev] [PATCH] wildcard matching for SSL cert CN


From: Thorsten Glaser
Subject: [Lynx-dev] [PATCH] wildcard matching for SSL cert CN
Date: Wed, 21 Jul 2004 17:11:37 +0000

Hello people,

the SSL certificate CN optimizer strikes back, part 2:

in the first episode, I was annoyed that a server with HTTPS on
a non-default port was not matched correctly - that code has been
in for quite some time now.

But look what happens when you go to www.cvshome.org - you are
redirected to https://www.cvshome.org/ which has got an SSL
certificate of *.cvshome.org - apparently using wildcards.

Since I don't think it's "bad to have", am able to implement
it (hopefully correctly) and tested that, I think we should
take this diff even if I didn't look into the standards.

Hostnames are, as usual, matched case-insensitively but not
locale-specifically (they're quite limited, character-wise,
anyway).

Have fun!

Index: HTString.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTString.c,v
retrieving revision 1.1.3.4
retrieving revision 1.4
diff -d -u -r1.1.3.4 -r1.4
--- HTString.c  15 Jul 2004 15:46:43 -0000      1.1.3.4
+++ HTString.c  21 Jul 2004 17:05:52 -0000      1.4
@@ -155,6 +157,37 @@
     return ((long) n < 0 ? 0 : cm[*us1] - cm[*--us2]);
 }

+int strcasecomp_asterisk(const char *a, const char *b)
+{
+       unsigned char *cm = charmap;
+       unsigned char *us1 = (unsigned char *) a;
+       unsigned char *us2 = (unsigned char *) b;
+
+       if ((*a != '*') && (*b != '*'))
+               return strcasecomp(a, b);
+
+       if (*b == '*') {
+               us1 = us2;
+               us2 = (unsigned char *) a;
+       }
+
+       if (strlen(us2) < (strlen(us1) - 1))
+               return 1;
+
+       while (*++us1 != '\0')
+               ;
+       while (*++us2 != '\0')
+               ;
+
+       while (1) {
+               if (cm[*--us1] != cm[*--us2])
+                       return 1;
+               if ((*--us1) == '*')
+                       return 0;
+               --us2;
+       }
+}
+
 #else /* SH_EX */

 /*     Strings of any length
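
Review bot: In the `while (1)` loop of this charmap variant, `cm[*--us1] != cm[*--us2]` already steps both pointers back, and `(*--us1) == '*'` plus `--us2` then step them back a second time, so only every second character is compared and the `'*'` test only sees the positions in between. Two names that differ in a skipped position compare as equal, and when the `'*'` falls on a compared position the loop either reports a mismatch for a name that should match or, if the other string also holds `'*'` there, keeps reading before the start of the pattern. Compare without moving the pointers, as the non-charmap variant of this function does (`cm[*us1] != cm[*us2]`), and keep a single `--us1` / `--us2` per iteration. Separately, `while (*++us2 != '\0')` steps over the terminator when the non-wildcard string is empty, which the `strlen` check lets through for a pattern of just `*`.
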
@@ -201,6 +234,36 @@
            return diff;
     }
     /*NOTREACHED */
+}
+
+int strcasecomp_asterisk(const char *a, const char *b)
+{
+       unsigned char *us1 = (unsigned char *) a;
+       unsigned char *us2 = (unsigned char *) b;
+
+       if ((*a != '*') && (*b != '*'))
+               return strcasecomp(a, b);
+
+       if (*b == '*') {
+               us1 = us2;
+               us2 = (unsigned char *) a;
+       }
+
+       if (strlen(us2) < (strlen(us1) - 1))
+               return 1;
+
+       while (*++us1 != '\0')
+               ;
+       while (*++us2 != '\0')
+               ;
+
+       while (1) {
+               if (TOLOWER(*us1) != TOLOWER(*us2))
+                       return 1;
+               if ((*--us1) == '*')
+                       return 0;
+               --us2;
+       }
 }

 #endif /* SH_EX */
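
Review bot: The loop returns 0 as soon as `*--us1` reaches the `'*'`, without looking at what the asterisk stands for in the other string, so `*.cvshome.org` also matches a name with several extra labels in front, and a pattern of just `*` matches every host. Before returning 0, check that the part of `us2` to the left of the matched suffix contains no `'.'`, and reject patterns whose fixed part is not `'.'` followed by at least two labels. The test also fires on the first `'*'` found from the right, wherever it sits, so a second asterisk further right in the pattern shortens the compared suffix; test for `us1` having reached the start of the pattern instead of testing the character. `while (*++us2 != '\0')` steps over the terminator when the non-wildcard string is empty, which the `strlen` check allows for the pattern `*`.
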
Index: HTString.h
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTString.h,v
retrieving revision 1.1.3.4
retrieving revision 1.4
diff -d -u -r1.1.3.4 -r1.4
--- HTString.h  15 Jul 2004 15:46:12 -0000      1.1.3.4
+++ HTString.h  21 Jul 2004 17:05:53 -0000      1.4
@@ -42,10 +44,15 @@
 extern int strcasecomp8(const char *a, const char *b);
 extern int strncasecomp8(const char *a, const char *b, int n);

+extern int strcasecomp_asterisk(const char *a, const char *b);
+
        /*
         * strcasecomp8 and strncasecomp8 are variants of strcasecomp and
         * strncasecomp, but use 8bit upper/lower case information from the
         * current display charset
+       * strcasecomp_asterisk does a comparision from right IF AND ONLY
+       * IF one of the values starts with an asterisk wildcard, and then
+       * it only returns if the strings are equal (0) or not (1)
         */

 /*
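
Review bot: The three added comment lines say the function only returns 0 or 1, but when neither argument starts with `'*'` it returns the result of `strcasecomp(a, b)` unchanged, so callers cannot rely on 0/1; the comment should say so, and should say that either argument may carry the wildcard. The lines are also spliced into the sentence describing `strcasecomp8` and `strncasecomp8`, which now runs straight from "current display charset" into "strcasecomp_asterisk does". Give the new function its own comment block next to its prototype, and correct "comparision" to "comparison".
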
Index: HTTP.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v
retrieving revision 1.1.3.5
retrieving revision 1.7
diff -d -u -r1.1.3.5 -r1.7
--- HTTP.c      15 Jul 2004 15:47:10 -0000      1.1.3.5
+++ HTTP.c      21 Jul 2004 17:05:53 -0000      1.7
@@ -602,7 +604,7 @@
            ssl_host = HTParse(url, "", PARSE_HOST);
            if ((p = strchr(ssl_host, ':')) != NULL)
                *p = '\0';
-           if (strcasecomp(ssl_host, cert_host)) {
+           if (strcasecomp_asterisk(ssl_host, cert_host)) {
                HTSprintf0(&msg,
                           gettext("SSL error:host(%s)!=cert(%s)-Continue?"),
                           ssl_host,
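
Review bot: At the changed `if`, `ssl_host` comes from the URL and `cert_host` from the certificate, yet `strcasecomp_asterisk` treats whichever argument begins with `'*'` as the pattern, so the wildcard is honoured in the requested host as well as in the certificate name. Only `cert_host` should be allowed to carry it: either give the function a fixed (name, pattern) argument order and drop the swap on `*b == '*'`, or fall back to plain `strcasecomp` when `ssl_host` starts with `'*'`.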


//Thorsten
-- 
Currently blocking eMail from the following domains: bigpond.com, biz, gmx.de,
gmx.net, hotmail.com, info, jumpy.it, libero.it, name, netscape.net,
postino.it, simplesnet.pt, spymac.com, tatanova.com, tiscali.co.uk,
tiscali.cz, tiscali.de, tiscali.it, voila.fr, yahoo.co.uk, yahoo.com.
