- // Bypass name check (handled for us by curl).
- if (!ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,ctx->m_peer,false,ctx->m_keyResolver)) {
+ bool success=false;
+ if (ctx->m_criteria) {
+ ctx->m_criteria->setUsage(CredentialCriteria::TLS_CREDENTIAL);
+ // Bypass name check (handled for us by curl).
+ ctx->m_criteria->setPeerName(NULL);
+ success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),ctx->m_criteria);
+ }
+ else {
+ // Bypass name check (handled for us by curl).
+ CredentialCriteria cc;
+ cc.setUsage(CredentialCriteria::TLS_CREDENTIAL);
+ success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),&cc);
+ }
+
+ if (!success) {