From f764673c617c45eb0f10b44546ce3daddfedb1d0 Mon Sep 17 00:00:00 2001
From: Guenter Obiltschnig
Date: Wed, 9 Apr 2014 17:05:54 +0200
Subject: [PATCH] cert hostname validation is case insensitive and stricter for wildcard certificates

---
 NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h | 2 +-
 NetSSL_OpenSSL/src/X509Certificate.cpp | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h b/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
index cc3d71110..cf93eb786 100644
--- a/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
+++ b/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
@@ -1,7 +1,7 @@
 //
 // X509Certificate.h
 //
-// $Id: //poco/1.4/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h#2 $
+// $Id: //poco/1.4/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h#3 $
 //
 // Library: NetSSL_OpenSSL
 // Package: SSLCore
diff --git a/NetSSL_OpenSSL/src/X509Certificate.cpp b/NetSSL_OpenSSL/src/X509Certificate.cpp
index 8f6cd476d..f52018e59 100644
--- a/NetSSL_OpenSSL/src/X509Certificate.cpp
+++ b/NetSSL_OpenSSL/src/X509Certificate.cpp
@@ -1,7 +1,7 @@
 //
 // X509Certificate.cpp
 //
-// $Id: //poco/1.4/NetSSL_OpenSSL/src/X509Certificate.cpp#3 $
+// $Id: //poco/1.4/NetSSL_OpenSSL/src/X509Certificate.cpp#4 $
 //
 // Library: NetSSL_OpenSSL
 // Package: SSLCore
@@ -138,6 +138,10 @@ bool X509Certificate::verify(const Poco::Crypto::X509Certificate& certificate, c
 ok = (*it == ip);
 }
 }
+else
+{
+ok = Poco::icompare(*it, hostName) == 0;
+}
 }
 }
 catch (HostNotFoundException&)
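Review bot: The new else branch at `ok = Poco::icompare(*it, hostName) == 0;` assigns rather than accumulates, so if the enclosing loop does not exit on the first successful match, a later non-matching subject name would overwrite an earlier true result; the loop header is outside this hunk (the `verify` body starts and ends beyond it), so either confirm the loop stops on `ok` or change the line to `ok = ok || Poco::icompare(*it, hostName) == 0;`. The `ok = (*it == ip);` branch in the context lines has the same shape and would deserve the same treatment. A short why-comment would also help the next reader: `// DNS names are case-insensitive (RFC 4343), so compare ignoring ASCII case`.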
@@ -158,13 +162,15 @@ bool X509Certificate::containsWildcards(const std::string& commonName)
 bool X509Certificate::matchWildcard(const std::string& wildcard, const std::string& hostName)
 {
 // fix wildcards
-std::string wildcardExpr = Poco::replace(wildcard, ".", "\\.");
+std::string wildcardExpr("^");
+wildcardExpr += Poco::replace(wildcard, ".", "\\.");
 Poco::replaceInPlace(wildcardExpr, "*", ".*");
 Poco::replaceInPlace(wildcardExpr, "..*", ".*");
 Poco::replaceInPlace(wildcardExpr, "?", ".?");
 Poco::replaceInPlace(wildcardExpr, "..?", ".?");
+wildcardExpr += "$";
-Poco::RegularExpression expr(wildcardExpr);
+Poco::RegularExpression expr(wildcardExpr, Poco::RegularExpression::RE_CASELESS);
 return expr.match(hostName);
 }
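Review bot: The `^`/`$` anchors and RE_CASELESS tighten the match, but the `*` → `.*` translation on the `Poco::replaceInPlace(wildcardExpr, "*", ".*");` line still lets a wildcard span label boundaries, so a certificate for `*.example.com` is also accepted for `a.b.example.com`, whereas RFC 6125 §6.4.3 confines a wildcard to a single left-most label. Using `[^.]*` (and `[^.]?` for the `?` case) keeps the translation approach while restricting the match to one label; the follow-up `"..*"`/`"..?"` collapsing lines would need the same adjustment so they do not undo the escape of a preceding dot. Separately, only `.` is escaped before the certificate name becomes a pattern, so any other regex metacharacter in a subject name is interpreted as syntax; presumably an invalid pattern makes the `Poco::RegularExpression` constructor throw out of the verify path, which should be confirmed and either handled by escaping every metacharacter or by catching the exception and treating the name as a non-match. A comment stating the intended contract would also help, e.g. `// Translate the certificate's wildcard name into an anchored, case-insensitive pattern; '*' must not cross a label boundary.`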