/* client, wanting hostname check */
{
-#if EXIM_HAVE_OPENSSL_CHECKHOST
+#ifdef EXIM_HAVE_OPENSSL_CHECKHOST
# ifndef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0
# endif
while ((name = string_nextinlist(&list, &sep, NULL, 0)))
if ((rc = X509_check_host(cert, name, 0,
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
- | X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS)))
+ | X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS,
+ NULL)))
{
if (rc < 0)
{
uschar dn[256];
#ifdef EXPERIMENTAL_EVENT
int depth = X509_STORE_CTX_get_error_depth(x509ctx);
-uschar * yield;
BOOL dummy_called, optional = FALSE;
#endif
int rc;
uschar *expciphers;
tls_ext_ctx_cb *cbinfo;
-X509 * peercert;
static uschar peerdn[256];
static uschar cipherbuf[256];
if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
{
- cbinfo->verify_cert_hostnames = host->name;
+ cbinfo->verify_cert_hostnames =
+#ifdef EXPERIMENTAL_INTERNATIONAL
+ string_domain_utf8_to_alabel(host->name, NULL);
+#else
+ host->name;
+#endif
DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
cbinfo->verify_cert_hostnames);
}