[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1565531 - /subversion/trunk/subversion/libsvn_ra_serf/util.c

From: Ben Reser <breser_at_apache.org>
Date: Fri, 01 Aug 2014 17:35:40 -0700

On 8/1/14 8:23 AM, Ivan Zhakov wrote:
> I think it will be more clear to write code in the following way:
> [[
> san = svn_hash_gets(serf_cert, "subjectAltName");
> /* Match server certificate CN with the hostname of the server iff
> * we didn't find any subjectAltName fields and try to match them.
> * Per RFC 2818 they are authoritative if present and CommonName
> * should be ignored. */
> if (san && san->nelts > 0) {
> int i;
> found_san_entry = ;
> for (i = 0; i < san->nelts; i++) {
> const char *s = APR_ARRAY_IDX(san, i, const char*);
> if (apr_fnmatch(s, conn->session->session_url.hostname,
> APR_FNM_PERIOD | APR_FNM_CASE_BLIND) == APR_SUCCESS)
> {
> found_matching_hostname = 1;
> break;
> }
> }
> }
> else
> {
> const char *hostname = NULL;
>
> subject = serf_ssl_cert_subject(cert, scratch_pool);
>
> if (subject)
> hostname = svn_hash_gets(subject, "CN");
>
> if (hostname
> && apr_fnmatch(hostname, conn->session->session_url.hostname,
> APR_FNM_PERIOD | APR_FNM_CASE_BLIND) ==
> APR_SUCCESS)
> {
> found_matching_hostname = 1;
> }
> }
> ]]
>
> Did I miss something important?

Agreed, committed in r1615272.
Received on 2014-08-02 02:35:15 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.