From dd60efea955e41a6f0926f93ec1503c6f83c4e58 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Tue, 8 Mar 2016 15:20:02 -0500
Subject: Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
---
 crypto/x509v3/v3_utl.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'crypto/x509v3/v3_utl.c')

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 66b5711aff..a220b27ab9 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -978,14 +978,12 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
         GENERAL_NAMES_free(gens);
         if (rv != 0)
             return rv;
-        if (cnid == NID_undef
-            || (san_present
-                && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)))
+        if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))
             return 0;
     }
 
     /* We're done if CN-ID is not pertinent */
-    if (cnid == NID_undef)
+    if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT))
         return 0;
 
     i = -1;
-- 
cgit v1.2.3