pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:323:       if (session->server_name && sizeof([array](result->certificates || ({})))) {    array(Standards.X509.TBSCertificate) certs =    [array(Standards.X509.TBSCertificate)](result->certificates);    Standards.X509.TBSCertificate cert = certs[-1];    array(string) globs = Standards.PKCS.Certificate.    decode_distinguished_name(cert->subject)->commonName - ({ 0 });    if (cert->ext_subjectAltName_dNSName) {    globs += cert->ext_subjectAltName_dNSName;    } -  result->verified = glob(map(globs, lower_case), -  lower_case(session->server_name)); +  +  array(string) split_server_name = lower_case(session->server_name) / "."; +  +  result->verified = 0; +  + OUTER: foreach (map(globs, lower_case);; string the_glob) { +  array(string) split_glob = the_glob / "."; +  +  if (sizeof(split_glob) != sizeof(split_server_name)) +  continue; +  +  foreach (split_glob; int i; string the_glob) { +  if (!glob(the_glob, split_server_name[i])) +  continue OUTER;    }    -  +  result->verified = 1; +  break; +  } +  } +     // This data isn't actually used internally.    session->cert_data = result;       if(result->verified)    return [array(Standards.X509.TBSCertificate)]result->certificates;       return 0;   }      // Decodes certificate data. Leaves session->peer_certificate_chain
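Review bot: The inner loop calls glob() on every label, so a pattern in a non-leftmost label of a certificate name (for example `www.*.example`), or a `?` in any label, is still honoured as a wildcard; hostname matching normally allows `*` only as the left-most label (RFC 6125 section 6.4.3). Compare the remaining labels literally, e.g. `if (i ? the_glob != split_server_name[i] : !glob(the_glob, split_server_name[i])) continue OUTER;`, and consider rejecting `?` in the first label as well. The inner `foreach` also reuses the name `the_glob` for the single label, shadowing the outer pattern; `string label` would read more clearly. The context lines still add commonName to the candidate list even when subjectAltName dNSName entries are present, which is worth a follow-up. The enclosing function begins above the hunk, so how `result` is populated is not visible here.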