@@ -12947,6 +12947,36 @@ int CipherRequires(byte first, byte second, int requirement)
1294712947#endif /* !NO_TLS */
1294812948
1294912949#ifndef NO_CERTS
12950+ #if defined(WOLFSSL_IP_ALT_NAME) && !defined(WOLFSSL_USER_IO)
12951+ static int MatchIPv6(const char* pattern, int patternLen,
12952+ const char* str, word32 strLen)
12953+ {
12954+ WOLFSSL_SOCKADDR_IN6 addr1, addr2;
12955+ char patBuf[WOLFSSL_MAX_IPSTR];
12956+ char strBuf[WOLFSSL_MAX_IPSTR];
12957+
12958+ if ((word32)patternLen >= sizeof(patBuf) || strLen >= sizeof(strBuf))
12959+ return 0;
12960+
12961+ /* Make sure strings are null-terminated and safely copied */
12962+ XMEMCPY(patBuf, pattern, patternLen);
12963+ patBuf[patternLen] = '\0';
12964+ XMEMCPY(strBuf, str, strLen);
12965+ strBuf[strLen] = '\0';
12966+
12967+ XMEMSET(&addr1, 0, sizeof(addr1));
12968+ XMEMSET(&addr2, 0, sizeof(addr2));
12969+
12970+ /* Try parsing both as IPv6 */
12971+ if (XINET_PTON(WOLFSSL_IP6, patBuf, &addr1) != 1)
12972+ return 0;
12973+ if (XINET_PTON(WOLFSSL_IP6, strBuf, &addr2) != 1)
12974+ return 0;
12975+
12976+ /* Compare raw address bytes */
12977+ return XMEMCMP(&addr1, &addr2, sizeof(WOLFSSL_SOCKADDR_IN6)) == 0;
12978+ }
12979+ #endif /* WOLFSSL_IP_ALT_NAME && !WOLFSSL_USER_IO */
1295012980
1295112981/* Match names with wildcards, each wildcard can represent a single name
1295212982 component or fragment but not multiple names, i.e.,
@@ -12966,6 +12996,12 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
1296612996 if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0)
1296712997 return 0;
1296812998
12999+ #if defined(WOLFSSL_IP_ALT_NAME) && !defined(WOLFSSL_USER_IO)
13000+ /* First try to match IPv6 addresses */
13001+ if (MatchIPv6(pattern, patternLen, str, strLen))
13002+ return 1;
13003+ #endif
13004+
1296913005 while (patternLen > 0) {
1297013006 /* Get the next pattern char to evaluate */
1297113007 char p = (char)XTOLOWER((unsigned char)*pattern);
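Review bot: In MatchIPv6 the copied buffers are handed to XINET_PTON as C strings, so any bytes after an embedded NUL within patternLen or strLen are ignored and a name that merely begins with an IPv6 literal compares equal to that address; add a length check after termination, e.g. `if (XSTRLEN(patBuf) != (size_t)patternLen || XSTRLEN(strBuf) != (size_t)strLen) return 0;`. XINET_PTON for WOLFSSL_IP6 fills an in6_addr-sized destination, yet the code passes and compares whole WOLFSSL_SOCKADDR_IN6 objects; if that type is a sockaddr_in6, parse into `&addr1.sin6_addr` and compare `sizeof(addr1.sin6_addr)` so the result does not rely on the earlier XMEMSET and the struct layout. In the second hunk the IPv6 comparison runs ahead of the wildcard loop for every pattern, and nothing visible there limits it to iPAddress entries, so a DNS-type name holding an address literal would presumably match as well; this is worth confirming at the call sites, which are outside this view. MatchDomainName's body starts and continues outside the hunk.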