20034N/A+ /* replace \0 to make full string visible to user */
20034N/A Strcat_m_charp(seen_dnsname, sn, " ", NULL);
20034N/A- if (ssl_match_cert_ident(sn, sl, hostname))
20034N/A+ if (sl == strlen(sn) /* catch \0 in SAN */
20034N/A+ && ssl_match_cert_ident(sn, sl, hostname))
20034N/A if (match_ident == FALSE && ret == NULL) {
20034N/A- if (X509_NAME_get_text_by_NID(xn, NID_commonName,
20034N/A+ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
20034N/A ret = Strnew_charp("Unable to get common name from peer cert");
20034N/A- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname))
20034N/A+ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) {
20034N/A+ /* replace \0 to make full string visible to user */
20034N/A ret = Sprintf("Bad cert ident %s from %s", buf, hostname);