* modules/ssl/ssl_engine_init.c (ssl_check_public_cert): Fix spurious

hostname-mismatch warning for valid wildcard certs. PR: 37911 Submitted by: Nick Burch <nick torchbox.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@378487 13f79535-47bb-0310-9956-ffa450edef68
2025-08-07 04:02:58 +03:00 · 2006-02-17 11:43:37 +00:00
parent 6f768ff39b
commit 20cf15d539
2 changed files with 11 additions and 8 deletions
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -856,14 +856,14 @@ static void ssl_check_public_cert(server_rec *s,
    if (SSL_X509_getCN(ptemp, cert, &cn)) {
        int fnm_flags = APR_FNM_PERIOD|APR_FNM_CASE_BLIND;

-        if (apr_fnmatch_test(cn) &&
-            (apr_fnmatch(cn, s->server_hostname,
-                         fnm_flags) == APR_FNM_NOMATCH))
-        {
-            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-                         "%s server certificate wildcard CommonName (CN) `%s' "
-                         "does NOT match server name!?",
-                         ssl_asn1_keystr(type), cn);
+        if (apr_fnmatch_test(cn)) {
+            if (apr_fnmatch(cn, s->server_hostname,
+                            fnm_flags) == APR_FNM_NOMATCH) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+                             "%s server certificate wildcard CommonName "
+                             "(CN) `%s' does NOT match server name!?",
+                             ssl_asn1_keystr(type), cn);
+            }
        }
        else if (strNE(s->server_hostname, cn)) {
            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,