BUG/MINOR: ssl: verifyhost is case sensitive

In bug #835, @arjenzorgdoc reported that the verifyhost option on the
server line is case-sensitive, that shouldn't be the case.

This patch fixes the issue by replacing memcmp by strncasecmp and strcmp
by strcasecmp. The patch was suggested by @arjenzorgdoc.

This must be backported in all versions supporting the verifyhost
option.

(cherry picked from commit 2d6fd0a90df8d3ab77f13c59e5f1efa3d271c42c)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 656c331cbd02b4bef43e6ceac347b6e9bd440296)
[wt: adjusted context]
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8dd1ccd..5c1f054 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5140,7 +5140,7 @@ static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
        size_t prefixlen, suffixlen;
 
        /* Trivial case */
-       if (strcmp(pattern, hostname) == 0)
+       if (strcasecmp(pattern, hostname) == 0)
                return 1;
 
        /* The rest of this logic is based on RFC 6125, section 6.4.3
@@ -5171,7 +5171,7 @@ static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
        /* Make sure all labels match except the leftmost */
        hostname_left_label_end = strchr(hostname, '.');
        if (!hostname_left_label_end
-           || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
+           || strcasecmp(pattern_left_label_end, hostname_left_label_end) != 0)
                return 0;
 
        /* Make sure the leftmost label of the hostname is long enough
@@ -5183,8 +5183,8 @@ static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
         * wildcard */
        prefixlen = pattern_wildcard - pattern;
        suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
-       if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
-           || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
+       if ((prefixlen && (strncasecmp(pattern, hostname, prefixlen) != 0))
+           || (suffixlen && (strncasecmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
                return 0;
 
        return 1;