From 89e94978ed3cb2b78abbee2152c856de17f60d89 Mon Sep 17 00:00:00 2001
From: Gerardo Ganis <Gerardo.Ganis@cern.ch>
Date: Fri, 14 Dec 2018 14:17:55 +0100
Subject: [PATCH] secgsi: remove commented original SAN check code

(Not following the RFC)
---
 src/XrdSecgsi/XrdSecProtocolgsi.cc | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/src/XrdSecgsi/XrdSecProtocolgsi.cc b/src/XrdSecgsi/XrdSecProtocolgsi.cc
index b5a1211608e..91f17a8ac68 100644
--- a/src/XrdSecgsi/XrdSecProtocolgsi.cc
+++ b/src/XrdSecgsi/XrdSecProtocolgsi.cc
@@ -3228,24 +3228,6 @@ int XrdSecProtocolgsi::ClientDoCert(XrdSutBuffer *br, XrdSutBuffer **bm,
                      <<std::flush;
           }
       }
-/* Below is the original SAN checking code that didn't follow the RFC!
-
-   // First, check the DN against the client-provided hostname.
-   // On failure, we will iterate through the alternate names in the cert.
-   // If that fails, we will do a reverse DNS lookup of the IP address.
-   if (!ServerCertNameOK(hs->Chain->End()->Subject(), Entity.host, emsg) &&
-       !hs->Chain->End()->MatchesSAN(Entity.host, hasSAN)) {
-      if ((expectedHost == NULL) && TrustDNS && Entity.addrInfo) {
-         const char *name = Entity.addrInfo->Name();
-         DEBUG("TrustDNS fallback; checking cert is for host "
-               <<(name ? name : "???"));
-         if ((name == NULL)
-         || !ServerCertNameOK(hs->Chain->End()->Subject(), name, emsg)) {
-               return -1;
-         }
-      } else return -1;
-   }
-*/
 
    //
    // Extract the server key