Merge Daniel Richard G.'s --sslcommonname option.

Exception from no-features policy on 6.3.X is made to keep people away from
doing more dangerous things in order to get rid of CommonName mismatch
warnings.

svn path=/branches/BRANCH_6-3/; revision=5165

1 files changed, 6 insertions, 4 deletions

diff --git a/driver.c b/driver.c
index d93c01c2..de078871 100644
--- a/driver.c
+++ b/driver.c
@@ -1088,10 +1088,12 @@ static int do_session(
 	set_timeout(mytimeout);
 
 	/* perform initial SSL handshake on open connection */
-	/* Note:  We pass the realhost name over for certificate
-		verification.  We may want to make this configurable */
-	if (ctl->use_ssl && SSLOpen(mailserver_socket,ctl->sslcert,ctl->sslkey,ctl->sslproto,ctl->sslcertck,
-	    ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname,&ctl->remotename) == -1) 
+	if (ctl->use_ssl &&
+		SSLOpen(mailserver_socket, ctl->sslcert, ctl->sslkey,
+		    ctl->sslproto, ctl->sslcertck, ctl->sslcertpath,
+		    ctl->sslfingerprint, ctl->sslcommonname ?
+		    ctl->sslcommonname : realhost, ctl->server.pollname,
+		    &ctl->remotename) == -1)
 	{
 	    report(stderr, GT_("SSL connection failed.\n"));
 	    err = PS_SOCKET;