From cb95cef46d1475ef8cea780b6903e33064a7f533 Mon Sep 17 00:00:00 2001
From: zhengchao <zhengchao@iie.ac.cn>
Date: Tue, 18 Jun 2019 15:53:06 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BD=BF=E7=94=A8X509=5Fcheck=5Fhost=E5=8D=95?=
 =?UTF-8?q?=E7=8B=AC=E5=A4=84=E7=90=86CN/SAN=E5=8C=B9=E9=85=8D=E7=9A=84?=
 =?UTF-8?q?=E6=A0=A1=E9=AA=8C=EF=BC=8C=E5=BF=BD=E7=95=A5verify=5Fcallback?=
 =?UTF-8?q?=E4=B8=AD=E5=9F=9F=E5=90=8D=E4=B8=8D=E5=8C=B9=E9=85=8D=E7=9A=84?=
 =?UTF-8?q?=E9=94=99=E8=AF=AF=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 platform/src/ssl_trusted_cert_storage.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/platform/src/ssl_trusted_cert_storage.cpp b/platform/src/ssl_trusted_cert_storage.cpp
index 096db2d..aed16d8 100644
--- a/platform/src/ssl_trusted_cert_storage.cpp
+++ b/platform/src/ssl_trusted_cert_storage.cpp
@@ -323,6 +323,11 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 		case	X509_V_ERR_CRL_HAS_EXPIRED:
 			ret=1;
 			break;
+		case	X509_V_ERR_HOSTNAME_MISMATCH:
+		case	X509_V_ERR_EMAIL_MISMATCH:
+		case	X509_V_ERR_IP_ADDRESS_MISMATCH:
+			ret=1;	//host match is verfied via X509_check_host
+			break;
 		default:
 			ret=0;
 			break;