From e99fc3026d697e662648401fc3146270a0178a65 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Fri, 8 Jun 2018 10:09:53 -0700
Subject: [PATCH] Fixed issue with `MatchDomainName`. Fixes issue #1606. This
 is a valid and confirmed bug report in v3.15.0. Applies to `./configure
 --enable-sni` case with `wolfSSL_CTX_UseSNI` where common name has wildcards.
 Pushing fix for visibility now and will add test case.

---
 src/internal.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index d47316f25..e63588862 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7644,6 +7644,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
    return 1 on success */
 int MatchDomainName(const char* pattern, int len, const char* str)
 {
+    int ret = 0;
     char p, s;
 
     if (pattern == NULL || str == NULL || len <= 0)
@@ -7676,11 +7677,17 @@ int MatchDomainName(const char* pattern, int len, const char* str)
                 return 0;
         }
 
-        if (len > 0)
+
+        if (len > 0) {
+            str++;
             len--;
+        }
     }
 
-    return *str == '\0';
+    if (*str == '\0')
+        ret = 1; /* success */
+
+    return ret;
 }