MINOR: ssl: optimization of verifyhost on wildcard certificates.
Optimizes verifyhost on wildcard certificates avoiding travel several times
the same string.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e79190a..ecbd6f5 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -778,18 +778,29 @@
if (strcmp(pattern, hostname) == 0)
return 1;
- /* If it's not trivial and there are no wildcards, it can't
- * match */
- if (!(pattern_wildcard = strchr(pattern, '*')))
- return 0;
-
/* The rest of this logic is based on RFC 6125, section 6.4.3
* (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
- /* Make sure the wildcard occurs in the leftmost label */
- pattern_left_label_end = strchr(pattern, '.');
- if (!pattern_left_label_end
- || pattern_left_label_end < pattern_wildcard)
+ pattern_wildcard = NULL;
+ pattern_left_label_end = pattern;
+ while (*pattern_left_label_end != '.') {
+ switch (*pattern_left_label_end) {
+ case 0:
+ /* End of label not found */
+ return 0;
+ case '*':
+ /* If there is more than one wildcards */
+ if (pattern_wildcard)
+ return 0;
+ pattern_wildcard = pattern_left_label_end;
+ break;
+ }
+ pattern_left_label_end++;
+ }
+
+ /* If it's not trivial and there is no wildcard, it can't
+ * match */
+ if (!pattern_wildcard)
return 0;
/* Make sure all labels match except the leftmost */
@@ -807,8 +818,8 @@
* wildcard */
prefixlen = pattern_wildcard - pattern;
suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
- if (strncmp(pattern, hostname, prefixlen) != 0
- || strncmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)
+ if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
+ || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
return 0;
return 1;