X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-openssl.c;h=64e2fb061298734d69ffd1be7d45c9ba8d18ecbc;hb=dd2a32ad5058ad7831621b99a1eadc264d4982c9;hp=96ac72c3c16cabdea5a1b4b5764835164a89b222;hpb=f69979cfecf29a4910b5750cad41d21a5418c6c7;p=user%2Fhenk%2Fcode%2Fexim.git
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 96ac72c3c..64e2fb061 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -380,7 +380,7 @@ else
 /* client, wanting hostname check */
 {
-#if EXIM_HAVE_OPENSSL_CHECKHOST
+#ifdef EXIM_HAVE_OPENSSL_CHECKHOST
 # ifndef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
 # define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0
 # endif
@@ -394,7 +394,8 @@ else
 while ((name = string_nextinlist(&list, &sep, NULL, 0)))
 if ((rc = X509_check_host(cert, name, 0,
 X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
- | X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS)))
+ | X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS,
+ NULL)))
 {
 if (rc < 0)
 {
@@ -464,7 +465,6 @@ X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
 uschar dn[256];
 #ifdef EXPERIMENTAL_EVENT
 int depth = X509_STORE_CTX_get_error_depth(x509ctx);
-uschar * yield;
 BOOL dummy_called, optional = FALSE;
 #endif
@@ -1533,7 +1533,6 @@ tls_server_start(const uschar *require_ciphers)
 int rc;
 uschar *expciphers;
 tls_ext_ctx_cb *cbinfo;
-X509 * peercert;
 static uschar peerdn[256];
 static uschar cipherbuf[256];
@@ -1724,7 +1723,12 @@ if ((rc = setup_certs(ctx, ob->tls_verify_certificates,
 if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
 {
- cbinfo->verify_cert_hostnames = host->name;
+ cbinfo->verify_cert_hostnames =
+#ifdef EXPERIMENTAL_INTERNATIONAL
+ string_domain_utf8_to_alabel(host->name, NULL);
+#else
+ host->name;
+#endif
 DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n", cbinfo->verify_cert_hostnames);
 }
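Review bot: In the first hunk (around line 380), `#ifdef EXIM_HAVE_OPENSSL_CHECKHOST` selects the X509_check_host() path whenever the macro is defined at all, including a build that sets it to 0 to switch the feature off. The definition is outside this diff, so confirm it is only ever defined without a value or left undefined, and record that with a comment such as `/* defined (no value) when OpenSSL provides X509_check_host() */`. The unchanged fallback just below defines `X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS` as 0 when the headers lack it, which presumably means partial wildcards are accepted on such builds; that also deserves a one-line comment so the weaker matching is a visible decision.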
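Review bot: In the last hunk (around line 1723), the conversion result is stored unchecked: `string_domain_utf8_to_alabel(host->name, NULL)` passes NULL for the error output, so a host name that cannot be converted to an A-label leaves no trace. If the function yields NULL on failure (its body is not in this diff), `verify_cert_hostnames` becomes NULL, the debug_printf right after formats a NULL `%s`, and the certificate-name check may be skipped, depending on how the verify callback treats an empty list. Pass a local error pointer, `string_domain_utf8_to_alabel(host->name, &errstr);`, and treat a NULL result or a set `errstr` as a setup failure instead of continuing. Splitting one assignment across `#ifdef`/`#else` is also easy to misread; one complete statement per branch would be clearer. The enclosing function begins and ends outside the hunk.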