From 16768191c739e6478db95b80a51753dfd0662302 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?= <carlos@cmartin.tk>
Date: Thu, 17 May 2012 21:16:59 +0200
Subject: [PATCH] ssl: match host names according to RFC 2818 (HTTP over TLS)

---
 src/netops.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/netops.c b/src/netops.c
index ff0d6d735..2f127102c 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -194,13 +194,11 @@ int gitno_ssl_teardown(git_transport *t)
 
 
 #ifdef GIT_OPENSSL
-/*
- * This function is based on the one from the cURL project
- */
+/* Match host names according to RFC 2818 rules */
 static int match_host(const char *pattern, const char *host)
 {
 	for (;;) {
-		char c = *pattern++;
+		char c = tolower(*pattern++);
 
 		if (c == '\0')
 			return *host ? -1 : 0;
@@ -211,14 +209,24 @@ static int match_host(const char *pattern, const char *host)
 			if (c == '\0')
 				return 0;
 
-			while (*host) {
-				if (match_host(pattern, host++) == 0)
-					return 0;
+	/*
+	 * We've found a pattern, so move towards the next matching
+	 * char. The '.' is handled specially because wildcards aren't
+	 * allowed to cross subdomains.
+	 */
+
+			while(*host) {
+				char h = tolower(*host);
+				if (c == h)
+					return match_host(pattern, host++);
+				if (h == '.')
+					return match_host(pattern, host);
+				host++;
 			}
-			break;
+			return -1;
 		}
 
-		if (tolower(c) != tolower(*host++))
+		if (c != tolower(*host++))
 			return -1;
 	}