From 4f38e39228b38b29ee4e83d4807700b64f516ff8 Mon Sep 17 00:00:00 2001
From: hniksic
Date: Wed, 11 May 2005 01:47:18 -0700
Subject: [PATCH] [svn] *** empty log message ***

---
 src/openssl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/openssl.c b/src/openssl.c
index 0ae55eb4..46e100dc 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -446,8 +446,8 @@ ssl_check_server_identity (int fd, const char *host)
 of type dNSName is present, that MUST be used as the identity."

 - When matching against common names, it should loop over all
- common names and choose the most specific (apparently the last
- one). */
+ common names and choose the most specific one, i.e. the last
+ one, not the first one, which the current code picks. */

 peer_CN[0] = '\0';
 X509_NAME_get_text_by_NID (X509_get_subject_name (peer_cert),
@@ -471,4 +471,3 @@ ssl_check_server_identity (int fd, const char *host)
 /* Allow --no-check-cert to disable certificate checking. */
 return opt.check_cert ? retval : 1;
 }
-
-- 
2.39.2
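Review bot: The reworded comment in the first hunk of ssl_check_server_identity now admits that HOST is matched against the first common name only, but it records this as prose in a to-do list rather than at the `X509_NAME_get_text_by_NID` call, and the commit ships with an empty log message. Because this comparison decides whether the peer certificate belongs to the requested host, I would mark the limitation where it occurs, e.g. `/* FIXME: X509_NAME_get_text_by_NID returns only the first CN entry and copies it verbatim; walk the entries with X509_NAME_get_index_by_NID. */` directly above the call. The same comment block notes that dNSName subjectAltName entries MUST take precedence per rfc2818, and nothing in the visible lines uses them, so that gap deserves the same marker. The call's remaining arguments and the comparison that follows lie outside the hunk, so whether the copied length is checked cannot be confirmed from here.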