BUG/MINOR: ssl: verifyhost does not match empty strings on wildcard. RFC6125 does not specify if wildcard matches empty strings but classical browsers implementations does. After the fix foo*bar.exemple.om matches foobar.exemple.com.

commit: 369da8565a2acb2227387451982e2a12eea4b110 [log] [tgz]
author: Emeric Brun <ebrun@exceliance.fr> Tue Oct 08 11:39:35 2013 +0200
committer: Willy Tarreau <w@1wt.eu> Thu Oct 10 11:33:27 2013 +0200
tree: 24990be434ba8729269b224e7a943d41dbe90320
parent: a848dae3f02f8206d32ef58c358b7f167e96ae0f [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ecbd6f5..06c744a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -811,7 +811,7 @@
 
 	/* Make sure the leftmost label of the hostname is long enough
 	 * that the wildcard can match */
-	if (hostname_left_label_end - hostname < pattern_left_label_end - pattern)
+	if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
 		return 0;
 
 	/* Finally compare the string on either side of the
commit	369da8565a2acb2227387451982e2a12eea4b110	[log] [tgz]
author	Emeric Brun <ebrun@exceliance.fr>	Tue Oct 08 11:39:35 2013 +0200
committer	Willy Tarreau <w@1wt.eu>	Thu Oct 10 11:33:27 2013 +0200
tree	24990be434ba8729269b224e7a943d41dbe90320
parent	a848dae3f02f8206d32ef58c358b7f167e96ae0f [diff]