requested review changes 2

2025-07-30 02:37:28 +02:00 · 2022-06-24 15:37:10 +02:00
parent 7c827d3a82
commit ce977e8c0b
1 changed files with 5 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -73,8 +73,9 @@
 *     clientHello messages will consume resources on the server.
 *     This define is turned off by default.
 * WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
- *     Certificates without SAN will get rejected during handshake instead of
- *     trying to match hostname or IP address with subject common name.
+ *     Verify hostname/ip address using alternate name (SAN) only and do not
+ *     use the common name. Forces use of the alternate name, so certificates
+ *     missing SAN will be rejected during the handshake
 */


@ -10513,7 +10514,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL
            WOLFSSL_MSG("DomainName match on common name failed");
        }
    }
-#endif /* # !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */
+#endif /* !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */

    return ret;
 }
@ -11350,7 +11351,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
                    }
                }
            }
-        #else /* #ifndef ONLY_ALT_NAME_VERIFICATION */
+        #else
            else {
                if (ret == 0) {
                    ret = DOMAIN_NAME_MISMATCH;