10139N/A+ /* replace \0 to make full string visible to user */
10139N/A Strcat_m_charp(seen_dnsname, sn, " ", NULL);
10139N/A- if (ssl_match_cert_ident(sn, sl, hostname))
10139N/A+ if (sl == strlen(sn) /* catch \0 in SAN */
10139N/A+ && ssl_match_cert_ident(sn, sl, hostname))
10139N/A if (match_ident == FALSE && ret == NULL) {
10139N/A- if (X509_NAME_get_text_by_NID(xn, NID_commonName,
10139N/A+ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
10139N/A ret = Strnew_charp("Unable to get common name from peer cert");
10139N/A- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname))
10139N/A+ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) {
10139N/A+ /* replace \0 to make full string visible to user */
10139N/A ret = Sprintf("Bad cert ident %s from %s", buf, hostname);