1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index a1e2caa717..0e519684ef 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.40 2017/01/26 12:56:37 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.41 2017/04/10 17:11:13 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -289,7 +289,7 @@ int
 tls_handshake_client(struct tls *ctx)
 {
        X509 *cert = NULL;
-        int ssl_ret;
+        int match, ssl_ret;
        int rv = -1;
        if ((ctx->flags & TLS_CLIENT) == 0) {
@@ -311,11 +311,11 @@ tls_handshake_client(struct tls *ctx)
                        tls_set_errorx(ctx, "no server certificate");
                        goto err;
                }
-                if ((rv = tls_check_name(ctx, cert,
+                if (tls_check_name(ctx, cert, ctx->servername, &match) == -1)
-                    ctx->servername)) != 0) {
+                        goto err;
-                        if (rv != -2)
+                if (!match) {
-                                tls_set_errorx(ctx, "name `%s' not present in"
+                        tls_set_errorx(ctx, "name `%s' not present in"
-                                    " server certificate", ctx->servername);
+                            " server certificate", ctx->servername);
                        goto err;
                }
        }

diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c index a1e2caa717..0e519684ef 100644 --- a/src/lib/libtls/tls_client.c +++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_client.c,v 1.40 2017/01/26 12:56:37 jsing Exp $ */	1	/* $OpenBSD: tls_client.c,v 1.41 2017/04/10 17:11:13 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -289,7 +289,7 @@ int
289	tls_handshake_client(struct tls *ctx)	289	tls_handshake_client(struct tls *ctx)
290	{	290	{
291	X509 *cert = NULL;	291	X509 *cert = NULL;
292	int ssl_ret;	292	int match, ssl_ret;
293	int rv = -1;	293	int rv = -1;
294		294
295	if ((ctx->flags & TLS_CLIENT) == 0) {	295	if ((ctx->flags & TLS_CLIENT) == 0) {
@@ -311,11 +311,11 @@ tls_handshake_client(struct tls *ctx)
311	tls_set_errorx(ctx, "no server certificate");	311	tls_set_errorx(ctx, "no server certificate");
312	goto err;	312	goto err;
313	}	313	}
314	if ((rv = tls_check_name(ctx, cert,	314	if (tls_check_name(ctx, cert, ctx->servername, &match) == -1)
315	ctx->servername)) != 0) {	315	goto err;
316	if (rv != -2)	316	if (!match) {
317	tls_set_errorx(ctx, "name `%s' not present in"	317	tls_set_errorx(ctx, "name `%s' not present in"
318	" server certificate", ctx->servername);	318	" server certificate", ctx->servername);
319	goto err;	319	goto err;
320	}	320	}
321	}	321	}