>From 348a62c7f4829de101bebadfa7a093a81b6d7641 Mon Sep 17 00:00:00 2001
From: Jon DeVree
Date: Sat, 17 Oct 2015 12:37:27 -0400
Subject: [PATCH] Fix use of X509_check_host

Broken by: 674881c Let OpenSSL 1.0.2 or later do the certificate vs. hostname/IP checks for us
Signed-off-by: Jon DeVree
---
 openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openssl.c b/openssl.c
index 3482317..d2cd744 100644
--- a/openssl.c
+++ b/openssl.c
@@ -1255,7 +1255,7 @@ static int match_cert_hostname(struct openconnect_info *vpninfo, X509 *peer_cert
 }
 return 0;
 }
- if (X509_check_host(peer_cert, vpninfo->hostname + 1, 0, 0, &matched)) {
+ if (X509_check_host(peer_cert, vpninfo->hostname, 0, 0, &matched)) {
 vpn_progress(vpninfo, PRG_DEBUG,
 _("Matched peer certificate subject name '%s'\n"),
 matched);
-- 
2.6.1
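Review bot: The condition on the new `X509_check_host()` line treats any non-zero return as a match, but OpenSSL documents that call as returning 1 for a match, 0 for no match, and negative values for an internal error or malformed input. An error return would therefore take the "Matched peer certificate subject name" branch and the hostname check would fail open. Compare explicitly instead: `if (X509_check_host(peer_cert, vpninfo->hostname, 0, 0, &matched) == 1) {`. On those error paths the call does not set `matched`, so the `'%s'` in the debug message may also read an unset pointer, depending on how it is initialised above the hunk. The rest of match_cert_hostname lies outside the hunk, so it is worth confirming there that `matched` is released with `OPENSSL_free()`.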