From 30b24240ae68d794934d6bb32d01fe59f9932e83 Mon Sep 17 00:00:00 2001
From: Micah Cowan <micah@cowan.name>
Date: Wed, 13 Jan 2010 20:41:15 -0800
Subject: [PATCH] Fixed some mixed declarations-and-code.

---
 src/ChangeLog | 4 ++++
 src/openssl.c | 9 +++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index e13f6589..76ad7e40 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2010-01-13  Micah Cowan  <micah@cowan.name>
+
+	* openssl.c: Fixed some mixed declarations-and-code.
+
 2010-01-09  Micah Cowan  <micah@cowan.name>
 
 	* init.c, main.c, http.c, ftp.c, options.h: Renamed
diff --git a/src/openssl.c b/src/openssl.c
index 4eef5c6c..1823f593 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -576,8 +576,7 @@ ssl_check_certificate (int fd, const char *host)
 
       /* Do we want to check for dNSNAmes or ipAddresses (see RFC 2818)?
        * Signal it by host_in_octet_string. */
-      ASN1_OCTET_STRING *host_in_octet_string = NULL;
-      host_in_octet_string = a2i_IPADDRESS (host);
+      ASN1_OCTET_STRING *host_in_octet_string = a2i_IPADDRESS (host);
 
       int numaltnames = sk_GENERAL_NAME_num (subjectAltNames);
       int i;
@@ -602,11 +601,13 @@ ssl_check_certificate (int fd, const char *host)
                 }
               else if (name->type == GEN_DNS)
                 {
-                  /* Check for dNSName */
-                  alt_name_checked = true;
                   /* dNSName should be IA5String (i.e. ASCII), however who
                    * does trust CA? Convert it into UTF-8 for sure. */
                   unsigned char *name_in_utf8 = NULL;
+
+                  /* Check for dNSName */
+                  alt_name_checked = true;
+
                   if (0 <= ASN1_STRING_to_UTF8 (&name_in_utf8, name->d.dNSName))
                     {
                       /* Compare and check for NULL attack in ASN1_STRING */