From c6ffc6298dc36f99ff0fc4cd6bc4ad5683699a14 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 26 Sep 2013 16:55:39 +0200
Subject: [PATCH] util.x509: Only compare identity with oid-on-xmppAddr for
 XMPP services

---
 util/x509.lua | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/util/x509.lua b/util/x509.lua
index 19d4ec6d..857f02a4 100644
--- a/util/x509.lua
+++ b/util/x509.lua
@@ -161,7 +161,9 @@ function verify_identity(host, service, cert)
 
 		if sans[oid_xmppaddr] then
 			had_supported_altnames = true
-			if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end
+			if service == "_xmpp-client" or service == "_xmpp-server" then
+				if compare_xmppaddr(host, sans[oid_xmppaddr]) then return true end
+			end
 		end
 
 		if sans[oid_dnssrv] then
-- 
2.30.2