From bc2b9418665cd62ccea393cc64aef1100af51b84 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Thu, 21 Apr 2016 22:53:07 +0900
Subject: [PATCH] nghttpx: Wildcard match for CN
---
src/shrpx_ssl.cc | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index b14a054e..aacf4f8f 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -1011,14 +1011,19 @@ int verify_hostname(X509 *cert, const StringRef &hostname,
 return -1;
 }
- auto rv = util::strieq(hostname, cn);
- OPENSSL_free(const_cast(cn.c_str()));
+ if (cn[cn.size() - 1] == '.') {
+ if (cn.size() == 1) {
+ OPENSSL_free(const_cast(cn.c_str()));
- if (rv) {
- return 0;
+ return -1;
+ }
+ cn = StringRef{cn.c_str(), cn.size() - 1};
 }
- return -1;
+ auto rv = tls_hostname_match(cn, hostname);
+ OPENSSL_free(const_cast(cn.c_str()));
+
+ return rv ? 0 : -1;
 }
 } // namespace
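Review bot: `cn[cn.size() - 1]` is only in bounds when `cn` is non-empty, and the check that guarantees this is not visible in the hunk; the `return -1; }` context just above is presumably that guard, but verify_hostname starts outside the hunk, so confirm it. Both `OPENSSL_free` calls also depend on the re-sliced `cn` still starting at the OpenSSL allocation, so a comment before the assignment such as `// only the tail is trimmed; cn.c_str() must stay the pointer we free` would stop a later edit from freeing an offset pointer. Because the CN is now matched with `tls_hostname_match` instead of `util::strieq`, and that matcher's wildcard rules are defined outside this diff, tests should cover a CN of `*.` (a bare `*` once the dot is stripped) and a `hostname` that itself ends in a dot, which this hunk does not normalise.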