sslutil: synchronize hostname matching logic with CPython

sslutil contains its own hostname matching logic. CPython has code
for the same intent. However, it is only available to Python 2.7.9+
(or distributions that have backported 2.7.9's ssl module
improvements).

This patch effectively imports CPython's hostname matching code
from its ssl.py into sslutil.py. The hostname matching code itself
is pretty similar. However, the DNS name matching code is much more
robust and spec conformant.

As the test changes show, this changes some behavior around
wildcard handling and IDNA matching. The new behavior allows
wildcards in the middle of words (e.g. 'f*.com' matches 'foo.com').
This is spec compliant according to RFC 6125 Section 6.5.3 item 3.

There is one test where the matcher is more strict. Before,
'*.a.com' matched '.a.com'. Now it doesn't match. Strictly speaking
this is a security vulnerability.
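
The behaviour changes listed in the commit message, as an added example that is not Mercurial's or CPython's code: `loose_match` is a constructed stand-in that reproduces the described pre-patch result for '.a.com', and `dnsname_match` is a left-most-label wildcard matcher written for this illustration. All function names and sample hostnames are assumptions.

```python
import re

def loose_match(pattern, hostname):
    # Constructed "before" matcher: compares only what follows the first dot,
    # so an empty left-most label in the hostname still satisfies '*.a.com'.
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    return "." in hostname and pattern == "*." + hostname.split(".", 1)[1]

def dnsname_match(pattern, hostname, max_wildcards=1):
    # Stricter matcher: '*' is honoured only in the left-most label.
    if not pattern:
        return False
    leftmost, *rest = pattern.split(".")
    wildcards = leftmost.count("*")
    if wildcards > max_wildcards:
        raise ValueError("too many wildcards in certificate name: %r" % pattern)
    if not wildcards:
        return pattern.lower() == hostname.lower()
    if leftmost == "*":
        # A lone '*' must consume at least one character of exactly one label.
        first = "[^.]+"
    elif leftmost.lower().startswith("xn--") or hostname.lower().startswith("xn--"):
        # IDNA A-labels: no partial wildcard, '*' is compared literally.
        first = re.escape(leftmost)
    else:
        # Partial wildcard such as 'f*': zero or more non-dot characters.
        first = "[^.]*".join(re.escape(part) for part in leftmost.split("*"))
    regex = r"\.".join([first] + [re.escape(label) for label in rest])
    return re.fullmatch(regex, hostname, re.IGNORECASE) is not None

# Constructed sample pairs: (certificate name, requested hostname).
SAMPLES = [
    ("*.a.com", "foo.a.com"),
    ("*.a.com", ".a.com"),
    ("f*.com", "foo.com"),
    ("*.a.com", "bar.foo.a.com"),
    ("xn--*.example", "xn--caf-dma.example"),
]

def compare(samples=SAMPLES):
    # Returns (pattern, hostname, loose result, strict result) per sample.
    return [(p, h, loose_match(p, h), dnsname_match(p, h)) for p, h in samples]

if __name__ == "__main__":
    for row in compare():
        print("%-16s %-22s loose=%-5s strict=%s" % row)
```
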
/*
* Utility functions
*
* Copyright (c) 2011 Yuya Nishihara <yuya@tcha.org>
*
* This software may be used and distributed according to the terms of the
* GNU General Public License version 2 or any later version.
*/
#ifndef UTIL_H_
#define UTIL_H_
#ifdef __GNUC__
#define PRINTF_FORMAT_ __attribute__((format(printf, 1, 2)))
#else
#define PRINTF_FORMAT_
#endif
void abortmsg(const char *fmt, ...) PRINTF_FORMAT_;
void abortmsgerrno(const char *fmt, ...) PRINTF_FORMAT_;
void enablecolor(void);
void enabledebugmsg(void);
void debugmsg(const char *fmt, ...) PRINTF_FORMAT_;
void fchdirx(int dirfd);
void fsetcloexec(int fd);
void *mallocx(size_t size);
void *reallocx(void *ptr, size_t size);
int runshellcmd(const char *cmd, const char *envp[], const char *cwd);
#endif /* UTIL_H_ */