Lines 830-847
Link Here
|
830 |
int fnm_flags = APR_FNM_PERIOD|APR_FNM_CASE_BLIND; |
830 |
int fnm_flags = APR_FNM_PERIOD|APR_FNM_CASE_BLIND; |
831 |
|
831 |
|
832 |
if (apr_fnmatch_test(cn)) { |
832 |
if (apr_fnmatch_test(cn)) { |
833 |
if (apr_fnmatch(cn, s->server_hostname, |
833 |
if ((apr_fnmatch(cn, s->server_hostname, |
834 |
fnm_flags) == APR_FNM_NOMATCH) { |
834 |
fnm_flags) == APR_FNM_NOMATCH) && |
|
|
835 |
!SSL_X509_checkANs(cert, s)) { |
835 |
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, |
836 |
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, |
836 |
"%s server certificate wildcard CommonName " |
837 |
"%s server certificate wildcard CommonName " |
837 |
"(CN) `%s' does NOT match server name!?", |
838 |
"(CN) `%s' does NOT match server name!?", |
838 |
ssl_asn1_keystr(type), cn); |
839 |
ssl_asn1_keystr(type), cn); |
839 |
} |
840 |
} |
840 |
} |
841 |
} |
841 |
else if (strNE(s->server_hostname, cn)) { |
842 |
else if (strNE(s->server_hostname, cn) && !SSL_X509_checkANs(cert, s)) { |
842 |
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, |
843 |
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, |
843 |
"%s server certificate CommonName (CN) `%s' " |
844 |
"%s server certificate CommonName (CN) `%s' or Subject" |
844 |
"does NOT match server name!?", |
845 |
"Alternative Name do NOT match server name!?", |
845 |
ssl_asn1_keystr(type), cn); |
846 |
ssl_asn1_keystr(type), cn); |
846 |
} |
847 |
} |
847 |
} |
848 |
} |