@@ -16467,6 +16467,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
1646716467 }
1646816468 }
1646916469 else {
16470+ #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
1647016471 if (MatchDomainName(
1647116472 args->dCert->subjectCN,
1647216473 args->dCert->subjectCNLen,
@@ -16475,28 +16476,29 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
1647516476 (word32)XSTRLEN(
1647616477 (const char *)ssl->buffers.domainName.buffer)
1647716478 ), 0) == 0)
16479+ #endif
1647816480 {
16479- WOLFSSL_MSG("DomainName match on common name failed");
16481+ WOLFSSL_MSG("DomainName match failed");
1648016482 ret = DOMAIN_NAME_MISMATCH;
1648116483 WOLFSSL_ERROR_VERBOSE(ret);
1648216484 }
1648316485 }
1648416486 #else /* WOLFSSL_ALL_NO_CN_IN_SAN */
1648516487 /* Old behavior. */
16488+ #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
1648616489 if (MatchDomainName(args->dCert->subjectCN,
1648716490 args->dCert->subjectCNLen,
1648816491 (char*)ssl->buffers.domainName.buffer,
1648916492 (ssl->buffers.domainName.buffer == NULL ? 0 :
1649016493 (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)
16494+ #endif
1649116495 {
16492- WOLFSSL_MSG("DomainName match on common name failed");
1649316496 if (CheckForAltNames(args->dCert,
1649416497 (char*)ssl->buffers.domainName.buffer,
1649516498 (ssl->buffers.domainName.buffer == NULL ? 0 :
1649616499 (word32)XSTRLEN(ssl->buffers.domainName.buffer)),
1649716500 NULL, 0) != 1) {
16498- WOLFSSL_MSG(
16499- "DomainName match on alt names failed too");
16501+ WOLFSSL_MSG("DomainName match failed");
1650016502 /* try to get peer key still */
1650116503 ret = DOMAIN_NAME_MISMATCH;
1650216504 WOLFSSL_ERROR_VERBOSE(ret);
0 commit comments