Note on the backward compatibility of exported NSS functions:
Since PORT_RegExpCaseSearch will be exported for the first time
in the upcoming NSS 3.12 release, if a patch for this bug is accepted
before NSS 3.12 is released, we can change PORT_RegExpCaseSearch
directly. Otherwise, we will need to add a new function that
does the RFC-compliant pattern matching.
Alternatively, we can move nss/lib/util/portreg.{h,c} to
nss/lib/certdb so that the PORT_RegExpCaseSearch doesn't need
to be exported from the new libnssutil3.so shared library in
NSS 3.12.
If anyone would like to write a patch, the starting point is the lxr.mozilla. org/security/ ident?i= CERT_VerifyCert Name
CERT_VerifyCertName function:
http://
The actual matching is done in the cert_TestHostName function: lxr.mozilla. org/security/ ident?i= cert_TestHostNa me
http://
which delegates pattern matching to the PORT_RegExpCase Search lxr.mozilla. org/security/ ident?i= PORT_RegExpCase Search
function:
http://
Note on the backward compatibility of exported NSS functions:
Since PORT_RegExpCase Search will be exported for the first time Search
in the upcoming NSS 3.12 release, if a patch for this bug is accepted
before NSS 3.12 is released, we can change PORT_RegExpCase
directly. Otherwise, we will need to add a new function that
does the RFC-compliant pattern matching.
Alternatively, we can move nss/lib/ util/portreg. {h,c} to Search doesn't need
nss/lib/certdb so that the PORT_RegExpCase
to be exported from the new libnssutil3.so shared library in
NSS 3.12.