X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Ftls_g.c;h=9313bfbf7cf37aff63d2bdd4300f4037878b7ead;hb=3a2e98e91c3a8f93e5b37cb7e5a76708194cff77;hp=e3c82bbc6f6f68fe1c2e9d3d884e1b8553b408e4;hpb=8ea9c625ce0382a9ff53560042f8140bece9d7be;p=openldap
diff --git a/libraries/libldap/tls_g.c b/libraries/libldap/tls_g.c
index e3c82bbc6f..9313bfbf7c 100644
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@@ -722,9 +722,24 @@ tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
 if ( ret >= 0 ) {
 ret = LDAP_SUCCESS;
 } else {
- altnamesize = sizeof(altname);
- ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
- 0, 0, altname, &altnamesize );
+ /* find the last CN */
+ i=0;
+ do {
+ altnamesize = 0;
+ ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
+ i, 1, altname, &altnamesize );
+ if ( ret == GNUTLS_E_SHORT_MEMORY_BUFFER )
+ i++;
+ else
+ break;
+ } while ( 1 );
+
+ if ( i ) {
+ altnamesize = sizeof(altname);
+ ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
+ i-1, 0, altname, &altnamesize );
+ }
+
 if ( ret < 0 ) {
 Debug( LDAP_DEBUG_ANY,
 "TLS: unable to get common name from peer certificate.\n",
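Review bot: The probe loop treats every return other than `GNUTLS_E_SHORT_MEMORY_BUFFER` as "no more CNs", so a genuine parse error at index `i` is silently discarded once `i > 0`, because the second call overwrites `ret`. If the zero-length probe can ever return success (a zero-length CN value in raw mode looks like one such case, though that needs confirming against GnuTLS), the loop also stops early, and with `i == 0` the `if ( ret < 0 )` check passes with `altnamesize == 0` and nothing written to `altname` by this block. For a hostname check it is safer to fail closed: guard the re-read with `if ( ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && i ) {` and follow it with `} else if ( ret >= 0 ) { ret = -1; }`. A short comment on the loop saying that the short-buffer error is used as the "entry exists" signal would also help the next reader. The body of `tlsg_session_chkhost` starts and continues outside this hunk, so how `altname` is compared afterwards is not visible here.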