vendor/libgit2/src/libgit2/streams/openssl.c in rugged-1.6.5 vs vendor/libgit2/src/libgit2/streams/openssl.c in rugged-1.7.1

- old
+ new

@@ -16,12 +16,12 @@
 #include "common.h"
 #include "runtime.h"
 #include "settings.h"
 #include "posix.h"
 #include "stream.h"
+#include "net.h"
 #include "streams/socket.h"
-#include "netops.h"
 #include "git2/transport.h"
 #include "git2/sys/openssl.h"
 #ifndef GIT_WIN32
 # include <sys/types.h>
@@ -68,18 +68,18 @@
 {
 GIT_UNUSED(file);
 GIT_UNUSED(line);
 return git__calloc(1, bytes);
 }
-
+
 static void *git_openssl_realloc(void *mem, size_t size, const char *file, int line)
 {
 GIT_UNUSED(file);
 GIT_UNUSED(line);
 return git__realloc(mem, size);
 }
-
+
 static void git_openssl_free(void *mem, const char *file, int line)
 {
 GIT_UNUSED(file);
 GIT_UNUSED(line);
 git__free(mem);
@@ -355,19 +355,14 @@
 ret = 0;
 return ret;
 }
-static int check_host_name(const char *name, const char *host)
+static bool check_host_name(const char *host, const char *name)
 {
- if (!strcasecmp(name, host))
- return 0;
-
- if (gitno__match_host(name, host) < 0)
- return -1;
-
- return 0;
+ return !strcasecmp(host, name) ||
+ git_net_hostname_matches_cert(host, name);
 }
 static int verify_server_cert(SSL *ssl, const char *host)
 {
 X509 *cert = NULL;
@@ -423,14 +418,11 @@
 if (type == GEN_DNS) {
 /* If it contains embedded NULs, don't even try */
 if (memchr(name, '\0', namelen))
 continue;
- if (check_host_name(name, host) < 0)
- matched = 0;
- else
- matched = 1;
+ matched = !!check_host_name(host, name);
 } else if (type == GEN_IPADD) {
 /* Here name isn't so much a name but a binary representation of the IP */
 matched = addr && !!memcmp(name, addr, namelen);
 }
 }
@@ -479,10 +471,10 @@
 GIT_ERROR_CHECK_ALLOC(peer_cn);
 if (memchr(peer_cn, '\0', size))
 goto cert_fail_name;
 }
- if (check_host_name((char *)peer_cn, host) < 0)
+ if (!check_host_name(host, (char *)peer_cn))
 goto cert_fail_name;
 goto cleanup;
 cert_fail_name:
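Review bot: In the `@@ -355,19 +355,14 @@` hunk, check_host_name now takes `(host, name)` instead of `(name, host)` and returns true on a match where it used to return 0, but nothing on the function records that contract. Both parameters are `const char *`, so a call site left in the old order or still testing `< 0` compiles cleanly; if the matcher treats its two arguments differently (its definition is not visible here), that would silently change the certificate verification result. A comment above the definition such as `/* Returns true if the certificate name matches the requested host: exact case-insensitive match, or git_net_hostname_matches_cert(host, name). */` would make the order and polarity explicit. The two updated call sites are in the `@@ -423,14 +418,11 @@` and `@@ -479,10 +471,10 @@` hunks.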
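Review bot: In the `@@ -423,14 +418,11 @@` hunk, the unchanged GEN_IPADD branch reads `matched = addr && !!memcmp(name, addr, namelen);`, and memcmp returns 0 when the buffers are equal. As written, an IP subjectAltName therefore counts as matched when its bytes differ from `addr` and as unmatched when they are identical. The commit touches the DNS branch right above it but leaves this line alone; the expected form is `matched = addr && !memcmp(name, addr, namelen);`. That should be paired with a check that `namelen` equals the size of the address `addr` points to, whose declaration is outside the hunk. On the added line, `!!` in front of check_host_name is redundant now that it returns bool. The enclosing loop and function start and end outside the hunk.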
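Review bot: In the `@@ -479,10 +471,10 @@` hunk, the cast `(char *)peer_cn` discards any const qualification even though check_host_name takes `const char *`. `if (!check_host_name(host, (const char *)peer_cn))` states the intent without it. peer_cn's declaration and the start of the enclosing block are outside the hunk, so its actual type should be confirmed before changing the cast.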