+/* Skip pattern prefix to match "wildcard" subject */
+static void skip_prefix(const unsigned char **p, size_t *plen,
+ const unsigned char *subject, size_t subject_len,
+ unsigned int flags)
+ {
+ const unsigned char *pattern = *p;
+ size_t pattern_len = *plen;
+
+ /*
+ * If subject starts with a leading '.' followed by more octets, and
+ * pattern is longer, compare just an equal-length suffix with the
+ * full subject (starting at the '.'), provided the prefix contains
+ * no NULs. (We check again that subject starts with '.' and
+ * contains at least one subsequent character, just in case the
+ * internal _X509_CHECK_FLAG_DOT_SUBDOMAINS flag was erroneously
+ * set by the user).
+ */
+ if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0 ||
+ subject_len <= 1 || subject[0] != '.')
+ return;
+
+ while (pattern_len > subject_len && *pattern)
+ {
+ if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
+ *pattern == '.')
+ break;
+ ++pattern;
+ --pattern_len;
+ }
+
+ /* Skip if entire prefix acceptable */
+ if (pattern_len == subject_len)
+ {
+ *p = pattern;
+ *plen = pattern_len;
+ }
+ }
+