Index: subversion/libsvn_ra_serf/util.c =================================================================== --- subversion/libsvn_ra_serf/util.c (revision 1615135) +++ subversion/libsvn_ra_serf/util.c (working copy) @@ -231,17 +231,18 @@ ### This should really be handled by serf, which should pass an error for this case, but that has backwards compatibility issues. */ apr_array_header_t *san; - svn_boolean_t found_san_entry = FALSE; svn_boolean_t found_matching_hostname = FALSE; serf_cert = serf_ssl_cert_certificate(cert, scratch_pool); san = svn_hash_gets(serf_cert, "subjectAltName"); - /* Try to find matching server name via subjectAltName first... */ - if (san) + /* Match server certificate CN with the hostname of the server iff + * we didn't find any subjectAltName fields and try to match them. + * Per RFC 2818 they are authoritative if present and CommonName + * should be ignored. */ + if (san && san->nelts > 0) { int i; - found_san_entry = san->nelts > 0; for (i = 0; i < san->nelts; i++) { const char *s = APR_ARRAY_IDX(san, i, const char*); @@ -255,12 +256,7 @@ } } } - - /* Match server certificate CN with the hostname of the server iff - * we didn't find any subjectAltName fields and try to match them. - * Per RFC 2818 they are authoritative if present and CommonName - * should be ignored. */ - if (!found_matching_hostname && !found_san_entry) + else { const char *hostname = NULL;