Fix truncated dns-lookup return record handling
[exim.git] / src / src / tls-openssl.c
index 96ac72c3c16cabdea5a1b4b5764835164a89b222..64e2fb061298734d69ffd1be7d45c9ba8d18ecbc 100644 (file)
@@ -380,7 +380,7 @@ else
        /* client, wanting hostname check */
     {
 
-#if EXIM_HAVE_OPENSSL_CHECKHOST
+#ifdef EXIM_HAVE_OPENSSL_CHECKHOST
 # ifndef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
 #  define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0
 # endif
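Review bot: The fallback `# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0` kept under the new `#ifdef` turns the flag into a no-op when the OpenSSL headers do not provide it, so hostname matching would accept partial wildcards with nothing in the build or the log to show it. I would document that directly above the `# ifndef`, e.g. `/* Older headers lack this flag; defining it as 0 silently permits partial-wildcard matches */`, or emit a `#warning` there. Separately, `#ifdef` is also true for a macro defined as 0, so if any build configuration sets `EXIM_HAVE_OPENSSL_CHECKHOST` to 0 to disable this path, it is now enabled; the definition is outside the hunk, so that needs checking. The conditional block continues past the end of the hunk.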
@@ -394,7 +394,8 @@ else
     while ((name = string_nextinlist(&list, &sep, NULL, 0)))
       if ((rc = X509_check_host(cert, name, 0,
                  X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
-                 | X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS)))
+                 | X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS,
+                 NULL)))
        {
        if (rc < 0)
          {
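Review bot: The bare `0` and the new trailing `NULL` in the `X509_check_host()` call are positional arguments whose meaning is not obvious at the call site, and both affect how the certificate name check behaves. A comment above the call would help, e.g. `/* namelen 0: name is NUL-terminated; peername NULL: matched name not wanted */`. It would also be worth noting next to `if (rc < 0)` that negative returns are errors from the check (internal error or malformed input) rather than a mismatch, since the handling of that branch is outside the hunk and cannot be reviewed here.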
@@ -464,7 +465,6 @@ X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
 uschar dn[256];
 #ifdef EXPERIMENTAL_EVENT
 int depth = X509_STORE_CTX_get_error_depth(x509ctx);
-uschar * yield;
 BOOL dummy_called, optional = FALSE;
 #endif
 
@@ -1533,7 +1533,6 @@ tls_server_start(const uschar *require_ciphers)
 int rc;
 uschar *expciphers;
 tls_ext_ctx_cb *cbinfo;
-X509 * peercert;
 static uschar peerdn[256];
 static uschar cipherbuf[256];
 
@@ -1724,7 +1723,12 @@ if ((rc = setup_certs(ctx, ob->tls_verify_certificates,
 
 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
   {
-  cbinfo->verify_cert_hostnames = host->name;
+  cbinfo->verify_cert_hostnames =
+#ifdef EXPERIMENTAL_INTERNATIONAL
+    string_domain_utf8_to_alabel(host->name, NULL);
+#else
+    host->name;
+#endif
   DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
                    cbinfo->verify_cert_hostnames);
   }
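Review bot: The result of `string_domain_utf8_to_alabel(host->name, NULL)` is stored in `cbinfo->verify_cert_hostnames` without a check, and passing `NULL` as the second argument presumably discards any conversion error. If that function can return NULL for a name it cannot convert (its definition is not in this diff), the `%s` in the following `debug_printf` receives a null pointer. If the verify callback treats a null `verify_cert_hostnames` as "no hostname check wanted", the certificate name check would be skipped for that host instead of failing. I would add a guard after the `#endif`, e.g. `if (!cbinfo->verify_cert_hostnames) cbinfo->verify_cert_hostnames = host->name;`, so the check still runs and fails closed, or abort the TLS setup with the conversion error.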