Fix assertion failure on certs without subjectAltName

While the patch had been done to correctly indicate presence, it still hit assertions.
ipxe · Mar 24, 2014 · e217322f39ae18f0a9976d8c23bb1661f9966d5f · e217322
1 parent e4a9069
commit e217322f39ae18f0a9976d8c23bb1661f9966d5f
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/src/net/tls.c b/src/net/tls.c
@@ -2445,14 +2445,15 @@ static int tls_validator_name( struct tls_session *tls, struct x509_certificate
 	if ( ( cert->subject.name == NULL ) && ( !cert->extensions.subject_alt_name.present ) ) {
 		return -1;
 	}
-	struct x509_san_link* link;
-	list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
-		/* If the name matches, return 0, otherwise, continue */
-		if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
-			return 0;
+	if ( cert->extensions.subject_alt_name.present ) {
+		struct x509_san_link* link;
+		list_for_each_entry ( link, &cert->extensions.subject_alt_name.names, list ) {
+			/* If the name matches, return 0, otherwise, continue */
+			if ( dns_wildcard_matcher ( tls->name, link->name ) == 0) {
+				return 0;
+			}
 		}
-	}
-	if ( !cert->extensions.subject_alt_name.present ) {
+    } else {
 		return dns_wildcard_matcher ( tls->name, cert->subject.name );
 	}
 	return -1;