diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2010-08-27 20:59:54 +0200 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2010-08-27 21:10:43 +0200 |
| commit | 0fc373e3e6c2a4016bdf2467eba2d59c920158e1 (patch) | |
| tree | 5f3b5dcc0135dc12466328ce44a9cfe9df916f5a /socket.c | |
| parent | 121bfdf03f639a0979d340f60880038fafc739b0 (diff) | |
| download | fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.tar.gz fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.tar.bz2 fetchmail-0fc373e3e6c2a4016bdf2467eba2d59c920158e1.zip | |
Require that X.509 wildcards start with "*.",
rather than just "*", to make abuse harder.
Diffstat (limited to 'socket.c')
| -rw-r--r-- | socket.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -600,7 +600,7 @@ SSL *SSLGetContext( int sock ) * The only place where a wildcard is allowed is in the leftmost * position of p1. */ static int name_match(const char *p1, const char *p2) { - if (p1[0] == '*') { + if (p1[0] == '*' && p1[1] == '.') { size_t l1, l2; ++p1; |