BOOL matches = TRUE;
*see_wildcard = FALSE;
+
if (server_len < allowed_len)
{
WARN_(chain)("domain component %s too short for %s\n",
TRACE_(chain)("CN = %s\n", debugstr_wn(allowed_component, allowed_len));
+ /* Remove trailing NULLs from the allowed name; while they shouldn't appear
+ * in a certificate in the first place, they sometimes do, and they should
+ * be ignored.
+ */
+ while (allowed_len && allowed_component[allowed_len - 1] == 0)
+ allowed_len--;
+
/* From RFC 2818 (HTTP over TLS), section 3.1:
* "Names may contain the wildcard character * which is considered to match
* any single domain name component or component fragment. E.g.,