The new code that lets OpenSSL 1.0.2 do the hostname checking internally is slightly off. Attached is the very simple patch for it. I'm assuming the +1 got in there during testing to make sure openssl was doing match failures right.

-- 
Jon
X(7): A program for managing terminal windows. See also screen(1) and tmux(1).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-use-of-X509_check_host.patch
Type: text/x-diff
Size: 896 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20151017/3f21ef86/attachment-0001.bin>