Add missing WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY guards

julek-wolfssl · julek-wolfssl · commit 233fc3e893ba · 2025-11-03T16:36:49.000+01:00
diff --git a/src/internal.c b/src/internal.c
@@ -16460,6 +16460,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         }
                     }
                     else {
+                    #ifndef  WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
                         if (MatchDomainName(
                                 args->dCert->subjectCN,
                                 args->dCert->subjectCNLen,
@@ -16468,6 +16469,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 (word32)XSTRLEN(
                                 (const char *)ssl->buffers.domainName.buffer)
                                 ), 0) == 0)
+                    #endif
                         {
                             WOLFSSL_MSG("DomainName match on common name failed");
                             ret = DOMAIN_NAME_MISMATCH;
@@ -16476,11 +16478,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     }
                 #else /* WOLFSSL_ALL_NO_CN_IN_SAN */
                     /* Old behavior. */
+                #ifndef  WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
                     if (MatchDomainName(args->dCert->subjectCN,
                                 args->dCert->subjectCNLen,
                                 (char*)ssl->buffers.domainName.buffer,
                                 (ssl->buffers.domainName.buffer == NULL ? 0 :
                                 (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)
+                #endif
                     {
                         WOLFSSL_MSG("DomainName match on common name failed");
                         if (CheckForAltNames(args->dCert,

Original file line number	Diff line number	Diff line change
`@@ -16460,6 +16460,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,`
`16460`	`16460`	`}`
`16461`	`16461`	`}`
`16462`	`16462`	`else {`
	`16463`	`+ #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY`
`16463`	`16464`	`if (MatchDomainName(`
`16464`	`16465`	`args->dCert->subjectCN,`
`16465`	`16466`	`args->dCert->subjectCNLen,`
`@@ -16468,6 +16469,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,`
`16468`	`16469`	`(word32)XSTRLEN(`
`16469`	`16470`	`(const char *)ssl->buffers.domainName.buffer)`
`16470`	`16471`	`), 0) == 0)`
	`16472`	`+ #endif`
`16471`	`16473`	`{`
`16472`	`16474`	`WOLFSSL_MSG("DomainName match on common name failed");`
`16473`	`16475`	`ret = DOMAIN_NAME_MISMATCH;`
`@@ -16476,11 +16478,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,`
`16476`	`16478`	`}`
`16477`	`16479`	`#else /* WOLFSSL_ALL_NO_CN_IN_SAN */`
`16478`	`16480`	`/* Old behavior. */`
	`16481`	`+ #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY`
`16479`	`16482`	`if (MatchDomainName(args->dCert->subjectCN,`
`16480`	`16483`	`args->dCert->subjectCNLen,`
`16481`	`16484`	`(char*)ssl->buffers.domainName.buffer,`
`16482`	`16485`	`(ssl->buffers.domainName.buffer == NULL ? 0 :`
`16483`	`16486`	`(word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0)`
	`16487`	`+ #endif`
`16484`	`16488`	`{`
`16485`	`16489`	`WOLFSSL_MSG("DomainName match on common name failed");`
`16486`	`16490`	`if (CheckForAltNames(args->dCert,`