lib-ssl-iostream: Call ssl_iostream_check_cert_validity as default

Unless callback is specified, call ssl_iostream_check_cert_validity instead of ssl_iostream_cert_match_name to make sure we perform same checks consistently.
dovecot · Feb 25, 2019 · 2dea2f8 · 2dea2f8
1 parent 62d81fc
commit 2dea2f8
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
@@ -673,10 +673,8 @@ static int openssl_iostream_handshake(struct ssl_iostream *ssl_io)
 		}
        } else if (ssl_io->connected_host != NULL && !ssl_io->handshake_failed &&
 		  !ssl_io->allow_invalid_cert) {
-		if (!ssl_iostream_cert_match_name(ssl_io, ssl_io->connected_host, &reason)) {
-			openssl_iostream_set_error(ssl_io, t_strdup_printf(
-				"SSL certificate doesn't match expected host name %s: %s",
-				ssl_io->connected_host, reason));
+		if (ssl_iostream_check_cert_validity(ssl_io, ssl_io->connected_host, &reason) < 0) {
+			openssl_iostream_set_error(ssl_io, reason);
 			ssl_io->handshake_failed = TRUE;
 		}
 	}