+
+#ifdef EXPERIMENTAL_CERTNAMES
+ if ( tlsp == &tls_out
+ && ((verify_cert_hostnames = client_static_cbinfo->verify_cert_hostnames)))
+ /* client, wanting hostname check */
+
+# if OPENSSL_VERSION_NUMBER >= 0x010100000L || OPENSSL_VERSION_NUMBER >= 0x010002000L
+ {
+ int sep = 0;
+ uschar * list = verify_cert_hostnames;
+ uschar * name;
+ while (name = string_nextinlist(&list, &sep, NULL, 0))
+ if (X509_check_host(cert, name, 0, 0))
+ break;
+ if (!name)
+ {
+ log_write(0, LOG_MAIN,
+ "SSL verify error: certificate name mismatch: \"%s\"\n", txt);
+ return 0; /* reject */
+ }
+ }
+# else
+ if (!tls_is_name_for_cert(verify_cert_hostnames, cert))
+ {
+ log_write(0, LOG_MAIN,
+ "SSL verify error: certificate name mismatch: \"%s\"\n", txt);
+ return 0; /* reject */
+ }
+# endif
+#endif
+
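Review bot: In the OpenSSL branch, `if (X509_check_host(cert, name, 0, 0))` treats any non-zero return as a match, but X509_check_host() returns 1 only on a match and a negative value on an internal error or malformed input. As written, a negative return breaks out of the loop with `name` still set, so a failed check would accept the certificate. Compare explicitly, `if (X509_check_host(cert, name, 0, 0) == 1)`, so that errors fall through to the reject path; logging the negative case separately would also help when diagnosing verification failures. Separately, the first clause of the `# if` version test is already implied by `OPENSSL_VERSION_NUMBER >= 0x010002000L`, and the four-argument call should be checked against the X509_check_host prototype of the OpenSSL release being targeted. The enclosing verify callback starts and ends outside the visible lines, so how `cert` and `txt` are obtained cannot be confirmed from here.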