From 77a13d5625890d6a0dc3ec312b9d237e61791033 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Sat, 1 Mar 2025 18:20:35 +0100
Subject: [PATCH] fix(socket.c): Correctly check the common name, even if not set (only SAN)
---
 socket.c | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/socket.c b/socket.c
index 42b8f1a5..c81bca63 100644
--- a/socket.c
+++ b/socket.c
@@ -728,7 +728,6 @@ static int SSL_verify_callback(int ok_return, X509_STORE_CTX *ctx, const int str
 _depth0ck = 1;
 }
- if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
 if (_ssl_server_cname != NULL) {
 char *p1 = buf;
 char *p2 = _ssl_server_cname;
@@ -779,14 +778,6 @@ static int SSL_verify_callback(int ok_return, X509_STORE_CTX *ctx, const int str
 report(stderr, GT_("Server name not set, could not verify certificate!\n"));
 if (strict) return (0);
 }
- } else {
- if (outlevel >= O_VERBOSE)
- report(stdout, GT_("Unknown Server CommonName\n"));
- if (ok_return && strict) {
- report(stderr, GT_("Server name not specified in certificate!\n"));
- return (0);
- }
- }
 /* Print the finger print. Note that on errors, we might print it more than once
 * normally; we kluge around that by using a global variable. */
 if (_check_fp == 1) {
-- 
2.47.2
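Review bot: The first hunk removes the only visible write of the subject's commonName into `buf`, yet the surviving `char *p1 = buf;` still feeds `buf` into the server-name comparison, so the check may now run against whatever an earlier part of SSL_verify_callback left in that buffer. If the goal is to accept SAN-only certificates, it looks safer to keep the lookup and only stop treating -1 as fatal, e.g. `if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) == -1) buf[0] = '\0';`, with the CN fallback skipped when `buf` is empty. The same concern applies to the second hunk, which drops the strict-mode rejection `Server name not specified in certificate!`; a certificate with neither a matching SAN nor a CN must still fail somewhere in the remaining body, and that part lies between the hunks and is not shown. `i` is also no longer assigned here, so any later use of it as the CN length (truncation or embedded-NUL checks, if present outside the hunk) should be re-checked.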