]> Pileus Git - ~andy/fetchmail/blobdiff - socket.c
projects / ~andy / fetchmail / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Put 6.3.12 on front page.
[~andy/fetchmail] / socket.c
diff --git a/socket.c b/socket.c
index dd025356d8879016250466f43a3a5a3123949693..c245b3d4c55c12a7291feaafecae050b8a94b202 100644 (file)
--- a/socket.c
+++ b/socket.c
@@ -628,9 +628,10 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
                                report(stdout, GT_("Unknown Issuer CommonName\n"));
                }
                if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
-                       if (outlevel >= O_VERBOSE)
+                       if (outlevel >= O_VERBOSE) {
                                report(stdout, GT_("Server CommonName: %s\n"), (tt = sdump(buf, i)));
-                       xfree(tt);
+                               xfree(tt);
+                       }
                        if ((size_t)i >= sizeof(buf) - 1) {
                                /* Possible truncation. In this case, this is a DNS name, so this
                                 * is really bad. We do not tolerate this even in the non-strict case. */
@@ -660,6 +661,10 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
                                                if (gn->type == GEN_DNS) {
                                                        char *p1 = (char *)gn->d.ia5->data;
                                                        char *p2 = _ssl_server_cname;
+                                                       if (outlevel >= O_VERBOSE) {
+                                                               report(stdout, GT_("Subject Alternative Name: %s\n"), (tt = sdump(p1, (size_t)gn->d.ia5->length)));
+                                                               xfree(tt);
+                                                       }
                                                        /* Name contains embedded NUL characters, so we complain. This
                                                         * is likely a certificate spoofing attack. */
                                                        if ((size_t)gn->d.ia5->length != strlen(p1)) {
@@ -667,10 +672,6 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
                                                                sk_GENERAL_NAME_free(gens);
                                                                return 0;
                                                        }
-                                                       if (outlevel >= O_VERBOSE) {
-                                                               report(stdout, GT_("Subject Alternative Name: %s\n"), (tt = sdump(p1, (size_t)gn->d.ia5->length)));
-                                                               xfree(tt);
-                                                       }
                                                        if (*p1 == '*') {
                                                                ++p1;
                                                                n = strlen(p2) - strlen(p1);
Andy's fetchmail repository