DNS name comparison is now case insensitive.

Author: datibbaw

ext/openssl/openssl.c

@@ -4834,7 +4834,7 @@ static zend_bool php_openssl_match_cn(const char *subjectname, const char *certn
 	char *wildcard;
 	int prefix_len, suffix_len, subject_len;
 
-	if (strcmp(subjectname, certname) == 0) {
+	if (strcasecmp(subjectname, certname) == 0) {
 		return 1;
 	}
 
@@ -4844,7 +4844,7 @@ static zend_bool php_openssl_match_cn(const char *subjectname, const char *certn
 
 	// 1) prefix, if not empty, must match subject
 	prefix_len = wildcard - certname;
-	if (prefix_len && strncmp(subjectname, certname, prefix_len) != 0) {
+	if (prefix_len && strncasecmp(subjectname, certname, prefix_len) != 0) {
 		return 0;
 	}
 
@@ -4854,7 +4854,7 @@ static zend_bool php_openssl_match_cn(const char *subjectname, const char *certn
 		/* 2) suffix must match
 		 * 3) no . between prefix and suffix
 		 **/
-		return strcmp(wildcard + 1, subjectname + subject_len - suffix_len) == 0 &&
+		return strcasecmp(wildcard + 1, subjectname + subject_len - suffix_len) == 0 &&
 			memchr(subjectname + prefix_len, '.', subject_len - suffix_len - prefix_len) == NULL;
 	}
 

ext/openssl/tests/bug65729.phpt

@@ -13,7 +13,7 @@ stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
 $server = stream_socket_server('ssl://127.0.0.1:64321', $errno, $errstr,
 	STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
 
-$expected_names = array('foo.test.com.sg', 'foo.test.com', 'foo.bar.test.com');
+$expected_names = array('foo.test.com.sg', 'foo.test.com', 'FOO.TEST.COM', 'foo.bar.test.com');
 
 $pid = pcntl_fork();
 if ($pid == -1) {
@@ -44,6 +44,7 @@ Warning: stream_socket_client(): Failed to enable crypto in %s on line %d
 Warning: stream_socket_client(): unable to connect to ssl://127.0.0.1:64321 (Unknown error) in %s on line %d
 bool(false)
 resource(%d) of type (stream)
+resource(%d) of type (stream)
 
 Warning: stream_socket_client(): Peer certificate CN=`*.test.com' did not match expected CN=`foo.bar.test.com' in %s on line %d