Submitted by: Florian Weimer <fweimer@redhat.com>
authorDr. Stephen Henson <steve@openssl.org>
Wed, 21 Nov 2012 14:10:48 +0000 (14:10 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 21 Nov 2012 14:10:48 +0000 (14:10 +0000)
PR: 2909

Update test cases to cover internal error return values.

Remove IDNA wildcard filter.

crypto/x509v3/v3_utl.c
crypto/x509v3/v3nametest.c

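index ffd9f0d577e41a661ff96983855befc1f850910c..de43c2fb3b2eb74430a7e7dd28e6539b4a6f5f77 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -719,12 +719,7 @@ static const unsigned char *wildcard_find_star(const unsigned char *pattern,
 static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
                          const unsigned char *subject, size_t subject_len)
        {
-       const unsigned char *star;
-       /* Do not match IDNA names. */
-       if (subject_len >=4 && memcmp(subject, "xn--", 4) == 0)
-               star = NULL;
-       else
-               star = wildcard_find_star(pattern, pattern_len);
+       const unsigned char *star = wildcard_find_star(pattern, pattern_len);
        if (star == NULL)
                return equal_nocase(pattern, pattern_len,
                                    subject, subject_len);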
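index 5bf1201c6eb03c4bc17c8aa626e9ed6452376af2..aa0d29c3da3040e7c4f786dc0bf3ff463b474d25 100644
--- a/crypto/x509v3/v3nametest.c
+++ b/crypto/x509v3/v3nametest.c
@@ -24,6 +24,7 @@ static const char *const exceptions[] =
        "set CN: host: [*.example.com] matches [a.example.com]",
        "set CN: host: [*.example.com] matches [b.example.com]",
        "set CN: host: [*.example.com] matches [www.example.com]",
+       "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]",
        "set CN: host: [test.*.example.com] does not match [test.*.example.com]",
        "set CN: host: [test.*.example.com] matches [test.www.example.com]",
        "set CN: host: [*.www.example.com] does not match [*.www.example.com]",
@@ -36,6 +37,7 @@ static const char *const exceptions[] =
        "set dnsName: host: [*.example.com] does not match [*.example.com]",
        "set dnsName: host: [*.example.com] matches [a.example.com]",
        "set dnsName: host: [*.example.com] matches [b.example.com]",
+       "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]",
        "set dnsName: host: [*.www.example.com] matches [test.www.example.com]",
        "set dnsName: host: [*.www.example.com] does not match [*.www.example.com]",
        "set dnsName: host: [test.*.example.com] matches [test.www.example.com]",
@@ -273,28 +275,38 @@ static void run_cert(X509 *crt, const char *nameincert,
                ret = X509_check_host(crt, (const unsigned char *)name,
                                      namelen, 0);
                match = -1;
-               if (fn->host)
+               if (ret < 0)
                        {
-                       if (ret && !samename)
+                       fprintf(stderr, "internal error in X509_check_host");
+                       ++errors;
+                       }
+               else if (fn->host)
+                       {
+                       if (ret == 1 && !samename)
                                match = 1;
-                       if (!ret && samename)
+                       if (ret == 0 && samename)
                                match = 0;
                        }
-               else if (ret)
+               else if (ret == 1)
                        match = 1;
                check_message(fn, "host", nameincert, match, *pname);
 
                ret = X509_check_host(crt, (const unsigned char *)name,
                                      namelen, X509_CHECK_FLAG_NO_WILDCARDS);
                match = -1;
-               if (fn->host)
+               if (ret < 0)
                        {
-                       if (ret && !samename)
+                       fprintf(stderr, "internal error in X509_check_host");
+                       ++errors;
+                       }
+               else if (fn->host)
+                       {
+                       if (ret == 1 && !samename)
                                match = 1;
-                       if (!ret && samename)
+                       if (ret == 0 && samename)
                                match = 0;
                        }
-               else if (ret)
+               else if (ret == 1)
                        match = 1;
                check_message(fn, "host-no-wildcards",
                              nameincert, match, *pname);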
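Review bot: The two new error reports `fprintf(stderr, "internal error in X509_check_host");` end without a newline and are word-for-word identical, so whatever is printed to stderr next runs onto the same line and the reader cannot tell whether the flags=0 or the X509_CHECK_FLAG_NO_WILDCARDS call failed; `fprintf(stderr, "internal error in X509_check_host (flags=0) for %s\n", *pname);` (and the no-wildcards counterpart), naming the same string check_message is presumably given, would fix both. After the error is counted the code still falls through to check_message with `match == -1`, which may count the same failure a second time — worth confirming against check_message, which is outside the hunk. The ret-to-match mapping is now duplicated verbatim for the two X509_check_host calls; hoisting it into a small static helper taking `ret`, `fn->host` and `samename` would keep the two in step. run_cert starts before this hunk and continues past it.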