X-Git-Url: http://sjero.net/git/?p=wget;a=blobdiff_plain;f=src%2Fopenssl.c;fp=src%2Fopenssl.c;h=1823f5935655a15a4b8d92279a9cb5129acb63c2;hp=4eef5c6c49c82efa3510da3ce6c005cd50068d0c;hb=30b24240ae68d794934d6bb32d01fe59f9932e83;hpb=7585b7019d5909428a477002579366a507e42b58

diff --git a/src/openssl.c b/src/openssl.c
index 4eef5c6c..1823f593 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -576,8 +576,7 @@ ssl_check_certificate (int fd, const char *host)
 
       /* Do we want to check for dNSNAmes or ipAddresses (see RFC 2818)?
        * Signal it by host_in_octet_string. */
-      ASN1_OCTET_STRING *host_in_octet_string = NULL;
-      host_in_octet_string = a2i_IPADDRESS (host);
+      ASN1_OCTET_STRING *host_in_octet_string = a2i_IPADDRESS (host);
 
       int numaltnames = sk_GENERAL_NAME_num (subjectAltNames);
       int i;
@@ -602,11 +601,13 @@ ssl_check_certificate (int fd, const char *host)
                 }
               else if (name->type == GEN_DNS)
                 {
-                  /* Check for dNSName */
-                  alt_name_checked = true;
                   /* dNSName should be IA5String (i.e. ASCII), however who
                    * does trust CA? Convert it into UTF-8 for sure. */
                   unsigned char *name_in_utf8 = NULL;
+
+                  /* Check for dNSName */
+                  alt_name_checked = true;
+
                   if (0 <= ASN1_STRING_to_UTF8 (&name_in_utf8, name->d.dNSName))
                     {
                       /* Compare and check for NULL attack in ASN1_STRING */