diff options
Diffstat (limited to 'src/crypto/x509v3/v3_utl.c')
| -rw-r--r-- | src/crypto/x509v3/v3_utl.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/src/crypto/x509v3/v3_utl.c b/src/crypto/x509v3/v3_utl.c index 6bcb6da..aa65c79 100644 --- a/src/crypto/x509v3/v3_utl.c +++ b/src/crypto/x509v3/v3_utl.c @@ -899,7 +899,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, X509_NAME *name = NULL; size_t i; int j; - int cnid = NID_undef; + int cnid; int alt_type; int san_present = 0; int rv = 0; @@ -927,6 +927,7 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, } else { + cnid = 0; alt_type = V_ASN1_OCTET_STRING; equal = equal_case; } @@ -956,16 +957,11 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, GENERAL_NAMES_free(gens); if (rv != 0) return rv; - if (cnid == NID_undef + if (!cnid || (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) return 0; } - - /* We're done if CN-ID is not pertinent */ - if (cnid == NID_undef) - return 0; - j = -1; name = X509_get_subject_name(x); while((j = X509_NAME_get_index_by_NID(name, cnid, j)) >= 0) |