File httpd-2.2.x-bnc798733-SNI_ignorecase.diff of Package apache2

Overview Repositories Revisions Requests Users Attributes Meta

File httpd-2.2.x-bnc798733-SNI_ignorecase.diff of Package apache2

diff -rNU 20 ../httpd-2.2.17-o/modules/ssl/ssl_engine_kernel.c ./modules/ssl/ssl_engine_kernel.c
--- ../httpd-2.2.17-o/modules/ssl/ssl_engine_kernel.c	2010-02-27 22:00:58.000000000 +0100
+++ ./modules/ssl/ssl_engine_kernel.c	2013-01-28 16:04:26.000000000 +0100
@@ -119,41 +119,41 @@
 #ifndef OPENSSL_NO_TLSEXT
     if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
         char *host, *scope_id;
         apr_port_t port;
         apr_status_t rv;
 
         /*
          * The SNI extension supplied a hostname. So don't accept requests
          * with either no hostname or a different hostname.
          */
         if (!r->hostname) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                         "Hostname %s provided via SNI, but no hostname"
                         " provided in HTTP request", servername);
             return HTTP_BAD_REQUEST;
         }
         rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool);
         if (rv != APR_SUCCESS || scope_id) {
             return HTTP_BAD_REQUEST;
         }
-        if (strcmp(host, servername)) {
+        if (strcasecmp(host, servername)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                         "Hostname %s provided via SNI and hostname %s provided"
                         " via HTTP are different", servername, host);
             return HTTP_BAD_REQUEST;
         }
     }
     else if ((((mySrvConfig(r->server))->strict_sni_vhost_check
               == SSL_ENABLED_TRUE)
              || (mySrvConfig(sslconn->server))->strict_sni_vhost_check
                 == SSL_ENABLED_TRUE)
              && r->connection->vhost_lookup_data) {
         /*
          * We are using a name based configuration here, but no hostname was
          * provided via SNI. Don't allow that if are requested to do strict
          * checking. Check wether this strict checking was setup either in the
          * server config we used for handshaking or in our current server.
          * This should avoid insecure configuration by accident.
          */
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                      "No hostname was provided via SNI for a name based"

Places

File httpd-2.2.x-bnc798733-SNI_ignorecase.diff of Package apache2

Places