[svn] *** empty log message ***

author hniksic <devnull@localhost>

Wed, 11 May 2005 08:47:18 +0000 (01:47 -0700)

committer hniksic <devnull@localhost>

Wed, 11 May 2005 08:47:18 +0000 (01:47 -0700)
author hniksic <devnull@localhost>
Wed, 11 May 2005 08:47:18 +0000 (01:47 -0700)
committer hniksic <devnull@localhost>
Wed, 11 May 2005 08:47:18 +0000 (01:47 -0700)
diff --git a/src/openssl.c b/src/openssl.c

index 0ae55eb42318293285a715a1ae62006f58c67244..46e100dcc661d0cf69d86a9bb44beb8a7298d47f 100644 (file)
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -446,8 +446,8 @@ ssl_check_server_identity (int fd, const char *host)
         of type dNSName is present, that MUST be used as the identity."
  
       - When matching against common names, it should loop over all
-       common names and choose the most specific (apparently the last
-       one).  */
+       common names and choose the most specific one, i.e. the last
+       one, not the first one, which the current code picks.  */
  
    peer_CN[0] = '\0';
    X509_NAME_get_text_by_NID (X509_get_subject_name (peer_cert),
@@ -471,4 +471,3 @@ ssl_check_server_identity (int fd, const char *host)
    /* Allow --no-check-cert to disable certificate checking. */
    return opt.check_cert ? retval : 1;
  }
-
author	hniksic <devnull@localhost>
	Wed, 11 May 2005 08:47:18 +0000 (01:47 -0700)
committer	hniksic <devnull@localhost>
	Wed, 11 May 2005 08:47:18 +0000 (01:47 -0700)