fix certificate verification.

diff --git a/config.h b/config.h
index cc3c6e2..10f281e 100644 (file)
--- a/config.h
+++ b/config.h
@@ -14,7 +14,6 @@
 #define  cResourceFileMax      (1024*1024)
 #define  cmd_qmailinject       "/var/qmail/bin/qmail-inject"
 #define  cmd_rm                        "/bin/rm"
-#define  cmd_httpsclient       "/usr/web/htvar/bin/httpsclient"
 #define  path_devnull          "/dev/null"
 #define  memcached_ip          "127.0.0.1"
 #define  memcached_port                11211

diff --git a/lib/util_tcp.cc b/lib/util_tcp.cc
index c82accb..517866e 100644 (file)
--- a/lib/util_tcp.cc
+++ b/lib/util_tcp.cc
@@ -410,9 +410,19 @@ bool  SslClient::verifyCA () {
 
     if (host && host->host.length () > 0) {
 //     std::cerr << "hostname: " << buf << "\n";
+//     std::cerr << "hostname: " << host->host << "\n";
        buf[SSL_NAME_LEN - 1] = 0;
-       if (case_diffs (host->host.c_str (), buf) != 0)
-           return false;
+       if (buf[0] == '*' && buf[1] == '.') {
+           size_t  n1 = strlen (buf);
+           size_t  n2 = host->host.length ();
+//         std::cerr << "hostname: " << buf + 1<< "\n";
+//         std::cerr << "hostname: " << host->host.c_str () + n2 - n1 + 1 << "\n";
+           if (n2 <= n1 || case_diffs (host->host.c_str () + n2 - n1 + 1, buf + 1) != 0)
+               return false;
+       } else {
+           if (case_diffs (host->host.c_str (), buf) != 0)
+               return false;
+       }
     }
     return true;
 }