From c941adba31c906e98cfabb445f08057743eb8b8a Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Mon, 7 Jul 2014 14:17:24 +0200
Subject: [PATCH] Fixed X.509 hostname comparison (with non-regular characters)
---
ChangeLog | 3 +++
library/x509parse.c | 8 ++++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 27a6747da..92a7e2816 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@ PolarSSL ChangeLog
Changes
* Introduced POLARSSL_HAVE_READDIR_R for systems without it
+Bugfix
+ * Fixed X.509 hostname comparison (with non-regular characters)
+
= Version 1.2.10 released 2013-10-07
Changes
* Changed RSA blinding to a slower but thread-safe version
diff --git a/library/x509parse.c b/library/x509parse.c
index 42eaf580c..26d655f1f 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3281,11 +3281,15 @@ static int x509_name_cmp( const void *s1, const void *s2, size_t len )
{
diff = n1[i] ^ n2[i];
- if( ( n1[i] >= 'a' || n1[i] <= 'z' ) && ( diff == 0 || diff == 32 ) )
+ if( diff == 0 )
continue;
- if( ( n1[i] >= 'A' || n1[i] <= 'Z' ) && ( diff == 0 || diff == 32 ) )
+ if( diff == 32 &&
+ ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
+ ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
+ {
continue;
+ }
return( 1 );
}
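Review bot: The new `diff == 32` branch relies on a fact that deserves a comment directly above it: when `n1[i]` is an ASCII letter and the two bytes differ only in bit 0x20, `n2[i]` is necessarily the same letter in the other case, which is why `n2[i]` is never range-checked; something like `/* ASCII letters differing only in the case bit (0x20) are equal; any other difference is a mismatch */` would do. The diffstat lists only ChangeLog and library/x509parse.c, so no regression test accompanies the fix. A test pairing two non-letter bytes that differ by 0x20 (for instance `@` and a backtick) would pin the behaviour, since the old always-true range test let such pairs compare equal during hostname matching. The body of x509_name_cmp starts and ends outside this hunk, so the loop bounds and the declared types of `n1`/`n2` cannot be checked from here.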