From f9a1a3d549ab116ac919bc10200d7fef232aa9d0 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Thu, 27 Oct 2011 11:04:22 -0600
Subject: [PATCH] if rp doesn't provide scheme or port, then ignore them in
 testing for audience match: issue #500

---
 verifier/lib/certassertion.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/verifier/lib/certassertion.js b/verifier/lib/certassertion.js
index 3aa0993be..71590eb62 100644
--- a/verifier/lib/certassertion.js
+++ b/verifier/lib/certassertion.js
@@ -142,6 +142,8 @@ function retrieveHostPublicKey(host, successCB, errorCB) {
 //   it might be strangely formed.
 function compareAudiences(want, got) {
   try {
+    var checkHostOnly = false;
+
     // issue #82 - for a limited time, let's allow got to be sloppy and omit scheme
     // in which case we guess a scheme based on port
     if (!/^https?:\/\//.test(got)) {
@@ -149,6 +151,7 @@ function compareAudiences(want, got) {
       var scheme = "http";
       if (x.length === 2 && x[1] === '443') scheme = "https";
       got = scheme + "://" + got;
+      checkHostOnly = true;
     }
 
     // now parse and compare
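Review bot: `checkHostOnly = true` is set for every scheme-less `got`, including the case two lines above where `x.length === 2` indicates the RP did supply a port, so an explicitly given port is dropped from the audience match together with the guessed scheme. The subject line says only the parts the RP omitted should be ignored. Consider recording the two cases separately, for example `var ignorePort = (x.length !== 2);`, and still comparing `want.port` with `got.port` when a port was given. The assignment to `x` is outside the hunk, so this assumes it holds the host/port split of `got`.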
@@ -161,9 +164,11 @@ function compareAudiences(want, got) {
 
     got = normalizeParsedURL(url.parse(got));
 
+    if (checkHostOnly) return want.hostname === got.hostname;
+
     return (want.protocol === got.protocol &&
             want.hostname === got.hostname &&
-            want.port === got.port);
+            want.port == got.port);
   } catch(e) {
     return false;
   }
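Review bot: The early return `if (checkHostOnly) return want.hostname === got.hostname;` makes the audience check host-wide instead of origin-wide, so an assertion bound to one scheme and port on a host is accepted for any other scheme and port on that host whenever the RP passes a bare hostname. Because the audience binding is what keeps an assertion issued for one origin from being accepted at another, the line should carry a comment saying this is a temporary compatibility path (as the issue #82 comment does for scheme guessing), and the verifier should record when it is taken so RPs that send sloppy audiences can be identified and fixed. Separately, `want.port == got.port` replaces strict comparison with type coercion. If the aim is to tolerate string-versus-number ports, converting the port to one type inside `normalizeParsedURL` and keeping `===` would make the intent explicit; that function's body is not visible here, so this is a suggestion to confirm against it.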
-- 
GitLab