git://git.exim.org / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
EXPERIMENTAL_CERTNAMES: Hostlist for cert name checks should match host
[exim.git] / src / src / tls-gnu.c
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 04de02d7431d1f59d64a34719d1033fc6df1c58f..093b3a37529e586dd9c49b2ce8bb746a1e5a4833 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1846,17 +1846,13 @@ if ((  state->exp_tls_verify_certificates
    )
   {
 #ifdef EXPERIMENTAL_CERTNAMES
-  if (ob->tls_verify_cert_hostnames)
+  if (verify_check_host(&ob->tls_verify_cert_hostnames) == OK)
     {
     DEBUG(D_tls)
       debug_printf("TLS: server cert incl. hostname verification required.\n");
     state->verify_requirement = VERIFY_WITHHOST;
-    if (!expand_check(ob->tls_verify_cert_hostnames,
-                     US"tls_verify_cert_hostnames",
-                     &state->exp_tls_verify_cert_hostnames))
-      return FAIL;
-    if (state->exp_tls_verify_cert_hostnames)
-      DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
+    state->exp_tls_verify_cert_hostnames = host->name;
+    DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
                      state->exp_tls_verify_cert_hostnames);
     }
   else
Master Exim source repository