Follow the RFCs more closely in libpq server certificate hostname check.
The RFCs say that the CN must not be checked if a subjectAltName extension
of type dNSName is present. IOW, if subjectAltName extension is present,
but there are no dNSNames, we can still check the CN.
Alexey Klyukin
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/58e70cf9fb42c1ad60b8ba730fd129f2ce6fa332
Modified Files
--------------
src/interfaces/libpq/fe-secure-openssl.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)