Merge pull request #9373 from julek-wolfssl/WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY

Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards
2026-01-26 13:12:20 +01:00 · 2025-11-08 11:04:43 -06:00
parent ea4311666e 3ebc0c5f99
commit 9e9a7392d4
1 changed files with 6 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -16467,6 +16467,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                        }
                    }
                    else {
+                    #ifndef  WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
                        if (MatchDomainName(
                                args->dCert->subjectCN,
                                args->dCert->subjectCNLen,
@@ -16475,28 +16476,29 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                (word32)XSTRLEN(
                                (const char *)ssl->buffers.domainName.buffer)
                                ), 0) == 0)
+                    #endif
                        {
-                            WOLFSSL_MSG("DomainName match on common name failed");
+                            WOLFSSL_MSG("DomainName match failed");
                            ret = DOMAIN_NAME_MISMATCH;
                            WOLFSSL_ERROR_VERBOSE(ret);
                        }
                    }
                #else /* WOLFSSL_ALL_NO_CN_IN_SAN */
                    /* Old behavior. */
+                #ifndef  WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
                    if (MatchDomainName(args->dCert->subjectCN,
                                args->dCert->subjectCNLen,
                                (char*)ssl->buffers.domainName.buffer,
                                (ssl->buffers.domainName.buffer == NULL ? 0 :
                                (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)
+                #endif
                    {
-                        WOLFSSL_MSG("DomainName match on common name failed");
                        if (CheckForAltNames(args->dCert,
                                 (char*)ssl->buffers.domainName.buffer,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
                                 (word32)XSTRLEN(ssl->buffers.domainName.buffer)),
                                 NULL, 0) != 1) {
-                            WOLFSSL_MSG(
-                                "DomainName match on alt names failed too");
+                            WOLFSSL_MSG("DomainName match failed");
                            /* try to get peer key still */
                            ret = DOMAIN_NAME_MISMATCH;
                            WOLFSSL_ERROR_VERBOSE(ret);