#! /bin/sh /usr/share/dpatch/dpatch-run
## 08_wildcard_cert.dpatch by Joey Schulze <joey@infodrom.org>
##
## DP: This patch makes lynx accept wild card SSL certificates as well.
## DP: They ar specified in RFC 2818 3.1.

diff -u -p -Nr --exclude CVS lynx-2.8.5.orig/WWW/Library/Implementation/HTTP.c lynx-2.8.5/WWW/Library/Implementation/HTTP.c
--- lynx-2.8.5.orig/WWW/Library/Implementation/HTTP.c	2006-12-03 16:45:35.000000000 +0100
+++ lynx-2.8.5/WWW/Library/Implementation/HTTP.c	2006-12-03 17:04:20.000000000 +0100
@@ -357,6 +357,29 @@ PRIVATE void strip_userid ARGS1(
     }
 }
 
+/*
+ * Compare an hostname with a certification host name
+ */
+PRIVATE int wildcard_match ARGS2(
+	char *,		ssl_host,
+	char *,		cert_host)
+{
+  char *shp, *chp;
+
+  if (!strcasecomp(ssl_host, cert_host))
+    return TRUE;
+
+  if (cert_host[0] == '*' && cert_host[1] == '.') {
+    chp = cert_host + 2;
+    if ((shp = strchr(ssl_host, '.')) != NULL) {
+      shp++;
+      if (!strcasecomp(shp, chp))
+	return TRUE;
+    }
+  }
+  return FALSE;
+}
+
 /*		Load Document from HTTP Server			HTLoadHTTP()
 **		==============================
 **
@@ -605,7 +628,7 @@ use_tunnel:
 	  ssl_host = HTParse(url, "", PARSE_HOST);
 	  if ((p = strchr(ssl_host, ':')) != NULL)
 	      *p = '\0';
-	  if (strcasecomp(ssl_host, cert_host)) {
+	  if (!wildcard_match(ssl_host, cert_host)) {
 	      HTSprintf0(&msg,
 			 gettext("SSL error:host(%s)!=cert(%s)-Continue?"),
 			 ssl_host,