From: hniksic <devnull@localhost>
Date: Wed, 11 May 2005 08:47:18 +0000 (-0700)
Subject: [svn] *** empty log message ***
X-Git-Tag: v1.13~1050
X-Git-Url: http://sjero.net/git/?p=wget;a=commitdiff_plain;h=4f38e39228b38b29ee4e83d4807700b64f516ff8

[svn] *** empty log message ***
---

diff --git a/src/openssl.c b/src/openssl.c
index 0ae55eb4..46e100dc 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -446,8 +446,8 @@ ssl_check_server_identity (int fd, const char *host)
        of type dNSName is present, that MUST be used as the identity."
 
      - When matching against common names, it should loop over all
-       common names and choose the most specific (apparently the last
-       one).  */
+       common names and choose the most specific one, i.e. the last
+       one, not the first one, which the current code picks.  */
 
   peer_CN[0] = '\0';
   X509_NAME_get_text_by_NID (X509_get_subject_name (peer_cert),
@@ -471,4 +471,3 @@ ssl_check_server_identity (int fd, const char *host)
   /* Allow --no-check-cert to disable certificate checking. */
   return opt.check_cert ? retval : 1;
 }
-