Fix typo in last commit

[openssl.git] / crypto / x509 / x509_vfy.c

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2917819cc9159b7a5884af25333230361f368f6d..4dac6ff3e78a096f0f494a2b6bd89121951acba8 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -719,23 +719,37 @@ static int check_id_error(X509_STORE_CTX *ctx, int errcode)
        return ctx->verify_cb(0, ctx);
        }
 
+static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
+       {
+       int i;
+       int n = sk_OPENSSL_STRING_num(id->hosts);
+       unsigned char *name;
+
+       for (i = 0; i < n; ++i)
+               {
+               name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i);
+               if (X509_check_host(x, name, 0, id->hostflags) > 0)
+                       return 1;
+               }
+       return n == 0;
+       }
+
 static int check_id(X509_STORE_CTX *ctx)
        {
        X509_VERIFY_PARAM *vpm = ctx->param;
        X509_VERIFY_PARAM_ID *id = vpm->id;
        X509 *x = ctx->cert;
-       if (id->host && !X509_check_host(x, id->host, id->hostlen,
-                                        id->hostflags))
+       if (id->hosts && !check_hosts(x, id) <= 0)
                {
                if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
                        return 0;
                }
-       if (id->email && !X509_check_email(x, id->email, id->emaillen, 0))
+       if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0)
                {
                if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
                        return 0;
                }
-       if (id->ip && !X509_check_ip(x, id->ip, id->iplen, 0))
+       if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0)
                {
                if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
                        return 0;