#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
-#ifdef HAVE_STRING_H
-# include <string.h>
-#else
-# include <strings.h>
-#endif
+#include <string.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include "url.h"
#include "ssl.h"
-#ifndef errno
-extern int errno;
-#endif
-
/* Application-wide SSL context. This is common to all SSL
connections. */
SSL_CTX *ssl_ctx;
logprintf (LOG_NOTQUIET, _("%s: No certificate presented by %s.\n"),
severity, escnonprint (host));
success = 0;
- goto out; /* must bail out since CERT is NULL */
+ goto no_cert; /* must bail out since CERT is NULL */
}
#ifdef ENABLE_DEBUG
common names and choose the most specific one, i.e. the last
one, not the first one, which the current code picks.
- - Make sure that the names are encoded as UTF-8 which, being
- ASCII-compatible, can be easily compared against HOST. */
+ - Ensure that ASN1 strings from the certificate are encoded as
+ UTF-8 which can be meaningfully compared to HOST. */
common_name[0] = '\0';
X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
escnonprint (host)));
X509_free (cert);
- out:
+ no_cert:
if (opt.check_cert && !success)
logprintf (LOG_NOTQUIET, _("\
To connect to %s insecurely, use `--no-check-certificate'.\n"),