Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards

julek-wolfssl · julek-wolfssl · commit ed970e7cd8c9 · 2025-11-06T16:35:11.000+01:00
diff --git a/src/internal.c b/src/internal.c
@@ -16467,6 +16467,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         }
                     }
                     else {
+                    #ifndef  WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
                         if (MatchDomainName(
                                 args->dCert->subjectCN,
                                 args->dCert->subjectCNLen,
@@ -16475,6 +16476,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 (word32)XSTRLEN(
                                 (const char *)ssl->buffers.domainName.buffer)
                                 ), 0) == 0)
+                    #endif
                         {
                             WOLFSSL_MSG("DomainName match on common name failed");
                             ret = DOMAIN_NAME_MISMATCH;
@@ -16483,11 +16485,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     }
                 #else /* WOLFSSL_ALL_NO_CN_IN_SAN */
                     /* Old behavior. */
+                #ifndef  WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
                     if (MatchDomainName(args->dCert->subjectCN,
                                 args->dCert->subjectCNLen,
                                 (char*)ssl->buffers.domainName.buffer,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
                                 (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)
+                #endif
                     {
                         WOLFSSL_MSG("DomainName match on common name failed");
                         if (CheckForAltNames(args->dCert,

Original file line number	Diff line number	Diff line change
`@@ -16467,6 +16467,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,`
`16467`	`16467`	`}`
`16468`	`16468`	`}`
`16469`	`16469`	`else {`
	`16470`	`+ #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY`
`16470`	`16471`	`if (MatchDomainName(`
`16471`	`16472`	`args->dCert->subjectCN,`
`16472`	`16473`	`args->dCert->subjectCNLen,`
`@@ -16475,6 +16476,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,`
`16475`	`16476`	`(word32)XSTRLEN(`
`16476`	`16477`	`(const char *)ssl->buffers.domainName.buffer)`
`16477`	`16478`	`), 0) == 0)`
	`16479`	`+ #endif`
`16478`	`16480`	`{`
`16479`	`16481`	`WOLFSSL_MSG("DomainName match on common name failed");`
`16480`	`16482`	`ret = DOMAIN_NAME_MISMATCH;`
`@@ -16483,11 +16485,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,`
`16483`	`16485`	`}`
`16484`	`16486`	`#else /* WOLFSSL_ALL_NO_CN_IN_SAN */`
`16485`	`16487`	`/* Old behavior. */`
	`16488`	`+ #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY`
`16486`	`16489`	`if (MatchDomainName(args->dCert->subjectCN,`
`16487`	`16490`	`args->dCert->subjectCNLen,`
`16488`	`16491`	`(char*)ssl->buffers.domainName.buffer,`
`16489`	`16492`	`(ssl->buffers.domainName.buffer == NULL ? 0 :`
`16490`	`16493`	`(word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)`
	`16494`	`+ #endif`
`16491`	`16495`	`{`
`16492`	`16496`	`WOLFSSL_MSG("DomainName match on common name failed");`
`16493`	`16497`	`if (CheckForAltNames(args->dCert,`