From a0dd92234bb1c058decdd76b2712601e5e662c11 Mon Sep 17 00:00:00 2001
From: Stanislav Klima <sklima@ra.rockwell.com>
Date: Tue, 14 Jun 2022 13:37:49 +0200
Subject: [PATCH] draft

---
 src/internal.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index f329b01cb..8364f3edf 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10500,6 +10500,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
         ret = 0;
     }
 
+#ifndef ONLY_ALT_NAME_VERIFICATION
     if (checkCN == 1) {
         if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
                             domainName) == 1) {
@@ -10509,6 +10510,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
             WOLFSSL_MSG("DomainName match on common name failed");
         }
     }
+#endif /* #ifndef ONLY_ALT_NAME_VERIFICATION */
 
     return ret;
 }
@@ -11333,6 +11335,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
                     }
                 }
             }
+        #ifndef ONLY_ALT_NAME_VERIFICATION
             else {
                 if (args->dCert->subjectCN) {
                     if (MatchDomainName(args->dCert->subjectCN,
@@ -11344,6 +11347,13 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
                     }
                 }
             }
+        #else /* #ifndef ONLY_ALT_NAME_VERIFICATION */
+            else {
+                if (ret == 0) {
+                    ret = DOMAIN_NAME_MISMATCH;
+                }
+            }
+        #endif /* #ifndef ONLY_ALT_NAME_VERIFICATION */
         }
 
         /* perform IP address check on the peer certificate */