From 9a4e389946779f47d2ce400eb5b0f7d0dfb22795 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Mon, 12 Feb 2018 15:46:42 +0100 Subject: [PATCH] Better #ifdef select when to use X509_check_host --- src/stub.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/stub.c b/src/stub.c index de24ef58..b9164cfa 100644 --- a/src/stub.c +++ b/src/stub.c @@ -1138,13 +1138,10 @@ tls_do_handshake(getdns_upstream *upstream) * This is not needed with native OpenSSL DANE, because EE name checks have * to be disabled explicitely. */ -#if defined(USE_DANESSL) || (!defined(HAVE_SSL_HN_AUTH) && defined(HAVE_X509_CHECK_HOST)) +#if defined(HAVE_X509_CHECK_HOST) && (defined(USE_DANESSL) || !defined(HAVE_SSL_HN_AUTH)) int xch; if (peer_cert && verify_result == X509_V_OK && upstream->tls_auth_name[0] -# if defined(USE_DANESSL) && defined(HAVE_SSL_HN_AUTH) - && upstream->tls_pubkey_pinset -# endif && (xch = X509_check_host(peer_cert, upstream->tls_auth_name, strlen(upstream->tls_auth_name),