From 890a4ffd3f5480865629b5469876b63507f2cb64 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Tue, 23 Sep 2025 17:05:32 -0700
Subject: [PATCH] Valid http host header against cert name, as it may be different from the SSL hostname
---
 miniserv.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/miniserv.pl b/miniserv.pl
index 37fe6ad3f..3a3ce0151 100755
--- miniserv.pl
+++ miniserv.pl
@@ -2505,7 +2505,7 @@ if (&get_type($full) eq "internal/cgi" && $validated != 4) {
 if ($use_ssl) {
 $ENV{"SSL_HOST"} = $ssl_host;
 $ENV{"SSL_HOST_CERT"} =
- &ssl_hostname_match($ssl_host, $ssl_cert_hosts);
+ &ssl_hostname_match($header{'host'}, $ssl_cert_hosts);
 }
 $ENV{"MINISERV_PID"} = $miniserv_main_pid;
 if ($use_ssl) {
@@ -7134,6 +7134,7 @@ return \%rv;
 sub ssl_hostname_match
 {
 my ($h, $hosts) = @_;
+$h =~ s/:\d+$//;
 foreach my $p (@$hosts) {
 return 1 if (lc($p) eq lc($h));
 return 1 if ($p =~ /^\*\.(\S+)$/ &&
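Review bot: `SSL_HOST_CERT` is now computed from the client-supplied `$header{'host'}`, while `SSL_HOST` two lines above still exports `$ssl_host`, so the two variables can describe different names within one request. Any CGI that reads `SSL_HOST_CERT` as a statement about the TLS session (or about `SSL_HOST`) would now be trusting a value the client chose; a comment such as `# SSL_HOST_CERT reflects the HTTP Host header, not the SNI name; it is client-asserted` would make that explicit. If a request arrives without a Host header the argument is undef, so a fallback keeps the old behaviour in that case: `&ssl_hostname_match(defined($header{'host'}) ? $header{'host'} : $ssl_host, $ssl_cert_hosts);`. The enclosing `if (&get_type($full) ...)` block starts and ends outside this hunk.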
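Review bot: The added `$h =~ s/:\d+$//;` runs for every caller of `ssl_hostname_match`, not only the Host-header path, and it does not distinguish a port suffix from the tail of an IPv6 literal. A bracketed host such as `[::1]:10000` keeps its brackets and will not compare equal to a certificate entry, and a bare IPv6 address passed by another caller (if any exists outside this hunk) would lose its last group. Handling the two forms separately and anchoring with `\z` avoids both: `$h =~ s/^\[(.+)\](?::\d+)?\z/$1/ or $h =~ s/^([^:]+):\d+\z/$1/;`. An undef `$h` also reaches the substitution and the `lc($h)` comparisons, so `$h = '' if (!defined($h));` before it would keep the function quiet and returning false. The function body continues past the end of the hunk.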