authorLukas Venhoda <lvenhoda@redhat.com>2015-10-22 14:22:19 +0200
committerFabiano FidĂȘncio <fidencio@redhat.com>2015-10-23 11:07:45 +0200
commitfb6904f528fc0d43a70646f9ba1fe5a5aaeb47a6 (patch)
treea63cf2d402db9faf088959794a9492ceae90697a
parentf7ec855af3deff18aeb43ddbf2467c565f4bf346 (diff)
ssl-verify: Only check addr length when using IP addr
Only check the address length when connecting through an IP address. It is not used when connecting through a DNS hostname.
-rw-r--r--common/ssl_verify.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index a830800..fe04409 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -161,8 +161,6 @@ static int verify_hostname(X509* cert, const char *hostname)
{
GENERAL_NAMES* subject_alt_names;
int found_dns_name = 0;
- struct in_addr addr;
- int addr_len = 0;
int cn_match = 0;
X509_NAME* subject;
@@ -173,11 +171,6 @@ static int verify_hostname(X509* cert, const char *hostname)
return 0;
}
- // only IpV4 supported
- if (inet_aton(hostname, &addr)) {
- addr_len = sizeof(struct in_addr);
- }
-
/* try matching against:
* 1) a DNS name as an alternative name (subjectAltName) extension
* in the certificate
@@ -209,8 +202,16 @@ static int verify_hostname(X509* cert, const char *hostname)
return 1;
}
} else if (name->type == GEN_IPADD) {
+ struct in_addr addr;
+ int addr_len = 0;
int alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
found_dns_name = 1;
+
+ // only IpV4 supported
+ if (inet_aton(hostname, &addr)) {
+ addr_len = sizeof(struct in_addr);
+ }
+
if ((addr_len == alt_ip_len)&&
!memcmp(ASN1_STRING_data(name->d.iPAddress), &addr, addr_len)) {
spice_debug("alt name IP match=%s",
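Review bot: In the `GEN_IPADD` branch, a `hostname` that is not an IPv4 literal makes `inet_aton()` fail, leaving `addr_len` at 0 and `addr` uninitialised, so `if ((addr_len == alt_ip_len)&&` is satisfied by an iPAddress entry of length 0. `memcmp` over zero bytes returns 0, and the branch that logs `alt name IP match` is taken. Whether a zero-length entry can reach this code depends on what the certificate parser and the issuing CA allow, but hostname verification should not rely on that. Require a successfully parsed address before comparing, e.g. `if (addr_len != 0 && addr_len == alt_ip_len &&`. The body of verify_hostname starts before and continues after this hunk, so what follows the match is not visible here.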