X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=ustream-openssl.c;h=635d34ce29726b50f141999f13090d13e4e40be1;hb=02d7535a45290974e7ed51afc90cf2b562c4c74c;hp=787cc383a818644b9ce5624aa4a2c26bf05efc11;hpb=67aeda4a4207f6ae0bc2efad93f25fd4bc74acb6;p=project%2Fustream-ssl.git
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 787cc38..635d34c 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -52,6 +52,7 @@ __ustream_ssl_context_new(bool server)
 return NULL;
 SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
+ SSL_CTX_set_quiet_shutdown(c, 1);
 return (void *) c;
 }
@@ -100,6 +101,12 @@ __hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
 SSL_CTX_free((void *) ctx);
 }
+void __ustream_ssl_session_free(void *ssl)
+{
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+}
+
 static void ustream_ssl_error(struct ustream_ssl *us, int ret)
 {
 us->error = ret;
@@ -114,7 +121,7 @@ static bool host_pattern_match(const unsigned char *pattern, const char *cn)
 for (; (c = tolower(*pattern++)) != 0; cn++) {
 if (c != '*') {
- if (c != *cn)
+ if (c != tolower(*cn))
 return false;
 continue;
 }
@@ -160,6 +167,7 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
 {
 GENERAL_NAMES *alt_names;
 int i, n_alt;
+ bool ret = false;
 alt_names = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
 if (!alt_names)
@@ -175,11 +183,14 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
 if (name->type != GEN_DNS)
 continue;
- if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn))
- return true;
+ if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn)) {
+ ret = true;
+ break;
+ }
 }
- return false;
+ sk_GENERAL_NAME_free(alt_names);
+ return ret;
 }
 static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
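Review bot: The new `SSL_CTX_set_quiet_shutdown(c, 1)` in `__ustream_ssl_context_new` carries no comment, yet it changes what the peer observes on close. With quiet shutdown enabled OpenSSL sends no close_notify alert, so the remote side cannot tell an orderly close from a truncated stream. If that trade-off is intended, record it next to the call, e.g. `/* quiet shutdown: no close_notify is sent, peers must not rely on it to detect truncation */`. It also means the `SSL_shutdown()` added in `__ustream_ssl_session_free` only updates local shutdown state. The function body starts outside this hunk.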
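Review bot: `__ustream_ssl_session_free` is defined without the `__hidden` qualifier that `__ustream_ssl_context_free` directly above it carries. Unless the header declaration adds it, the symbol is exported from the library; `__hidden void __ustream_ssl_session_free(void *ssl)` would match the neighbouring helper. The function also hands `ssl` to `SSL_shutdown()` unchecked, whereas `SSL_free()` tolerates NULL. If any teardown path can reach this before a session was created, guard it with `if (!ssl) return;`.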
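Review bot: In `host_pattern_match` the new comparison `tolower(*cn)` passes a plain `char` to `tolower()`, which is undefined behaviour when `char` is signed and the byte is above 0x7f. `pattern` is already `const unsigned char *`, so only the `cn` side needs the cast: `if (c != tolower((unsigned char) *cn))`. `tolower()` is also locale-dependent, so if the process ever runs outside the "C" locale the host-name comparison may fold non-ASCII bytes; an ASCII-only fold would make the match deterministic. The function body begins and ends outside this hunk.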
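Review bot: In `ustream_ssl_verify_cn_alt` the added `sk_GENERAL_NAME_free(alt_names)` releases only the stack container, not the `GENERAL_NAME` entries that `X509_get_ext_d2i()` allocated, so each certificate check still leaks the individual names. Use `GENERAL_NAMES_free(alt_names);` (or `sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);`) in its place. The `ret`/`break` restructuring itself is what lets the cleanup run on the match path; the loop header is outside the visible hunks.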