diff options
Diffstat (limited to 'socket.c')
| -rw-r--r-- | socket.c | 36 |
1 files changed, 0 insertions, 36 deletions
@@ -593,42 +593,6 @@ SSL *SSLGetContext( int sock ) return _ssl_context[sock]; } -/** A picky certificate name check: - * check if the pattern or string in s1 (from a certificate) matches the - * hostname (in s2), returns true if matched. - * - * The only place where a wildcard is allowed is in the leftmost - * position of p1. */ -static int name_match(const char *p1, const char *p2) { - const char *const dom = "0123456789."; - int wildcard_ok = 1; - - /* blank patterns never match */ - if (p1[0] == '\0') - return 0; - - /* disallow wildcards in certificates for domain literals - * (10.9.8.7-like) */ - if (strspn(p1+(*p1 == '*' ? 1 : 0), dom) == strlen(p1)) - wildcard_ok = 0; - - /* disallow wildcards for domain literals */ - if (strspn(p2, dom) == strlen(p2)) - wildcard_ok = 0; - - if (wildcard_ok && p1[0] == '*' && p1[1] == '.') { - size_t l1, l2; - - ++p1; - l1 = strlen(p1); - l2 = strlen(p2); - if (l2 > l1) - p2 += l2 - l1; - } - - return (0 == strcasecmp(p1, p2)); -} - /* ok_return (preverify_ok) is 1 if this stage of certificate verification passed, or 0 if it failed. This callback lets us display informative errors, and perform additional validation (e.g. CN matches) */ |