--- smtp-tls.c.O 2008-03-11 18:42:41.000000000 +0100
+++ smtp-tls.c 2008-03-11 18:49:38.000000000 +0100
@@ -492,7 +492,6 @@
 check_acceptable_security (smtp_session_t session, SSL *ssl)
 {
 X509 *cert;
- char buf[256];
 int bits;
 long vfy_result;
 int ok;
@@ -541,68 +540,38 @@
 }
 else
 {
- int i, j, extcount;
-
- extcount = X509_get_ext_count (cert);
- for (i = 0; i < extcount; i++)
- {
- const char *extstr;
- X509_EXTENSION *ext = X509_get_ext (cert, i);
-
- extstr = OBJ_nid2sn (OBJ_obj2nid (X509_EXTENSION_get_object (ext)));
- if (strcmp (extstr, "subjectAltName") == 0)
- {
- unsigned char *data;
- STACK_OF(CONF_VALUE) *val;
- CONF_VALUE *nval;
- X509V3_EXT_METHOD *meth;
- void *ext_str = NULL;
- int stack_len;
-
- meth = X509V3_EXT_get (ext);
- if (meth == NULL)
- break;
- data = ext->value->data;
-#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
- if (meth->it)
- ext_str = ASN1_item_d2i (NULL, &data, ext->value->length,
- ASN1_ITEM_ptr (meth->it));
- else
-#endif
- ext_str = meth->d2i (NULL, &data, ext->value->length);
- val = meth->i2v (meth, ext_str, NULL);
- stack_len = sk_CONF_VALUE_num (val);
- for (j = 0; j < stack_len; j++)
- {
- nval = sk_CONF_VALUE_value (val, j);
- if (strcmp (nval->name, "DNS") == 0
- && match_domain (session->host, nval->value))
- {
- ok = 1;
- break;
+ STACK *gens;
+ GENERAL_NAME *gen;
+ X509_NAME *subj;
+ char data[256];
+ int i;
+ gens = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
+ if (gens != NULL) {
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+ gen = sk_GENERAL_NAME_value(gens, i);
+ if (gen->type == GEN_DNS) {
+
+ if (!strcasecmp((char *)gen->d.ia5->data, session->host))
+ goto found;
+ }
 }
- }
- if (ok)
- break;
 }
- if (!ok)
- {
- /* Matching by subjectAltName failed, try commonName */
- X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
- NID_commonName, buf, sizeof buf);
- if (!match_domain (session->host, buf) != 0)
- {
- if (session->event_cb != NULL)
- (*session->event_cb) (session, SMTP_EV_WRONG_PEER_CERTIFICATE,
- session->event_cb_arg, &ok, buf, ssl);
- }
- else
- ok = 1;
+ if ((subj = X509_get_subject_name(cert)) != NULL &&
+ X509_NAME_get_text_by_NID(subj, NID_commonName,
+ data, sizeof data) > 0) {
+ data[sizeof data - 1] = 0;
+ if (strcasecmp(data, session->host) == 0)
+ goto found;
 }
- X509_free (cert);
+ X509_free(cert);
+ return 0;
 }
- return ok;
+
+ return 0;
+found:
+if (cert)
+ X509_free(cert);
+return 1;
 }
 void
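Review bot: `strcasecmp((char *)gen->d.ia5->data, session->host)` treats the certificate's dNSName as a NUL-terminated C string, but an IA5String is length-delimited and may carry an embedded NUL, so the comparison would stop short of the real name; only compare when `ASN1_STRING_length(gen->d.ia5)` equals `strlen` of the data, and apply the same check on the commonName path by comparing the return value of `X509_NAME_get_text_by_NID` with `strlen(data)`. The `gens` stack returned by `X509_get_ext_d2i` is never released on either the `goto found` path or the fall-through, so every verified connection leaks it; `sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free)` is needed on both. Replacing `match_domain` with `strcasecmp` also drops wildcard matching, and the `SMTP_EV_WRONG_PEER_CERTIFICATE` callback that let the application decide on a mismatch no longer fires; if both are intended, the commit message should say so. At `found:` the `if (cert)` guard is redundant since `cert` is dereferenced on every path reaching the label, and `STACK *gens` would read better as the typed `STACK_OF(GENERAL_NAME) *`. The start of check_acceptable_security lies outside this hunk.
```c
        STACK_OF(GENERAL_NAME) *gens;
        const char *dns;
        /* … unchanged: gen, subj, data, i declarations … */
        gens = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
        if (gens != NULL) {
            for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
                gen = sk_GENERAL_NAME_value(gens, i);
                if (gen->type != GEN_DNS)
                    continue;
                /* IA5String is length-delimited: only treat it as a hostname
                 * when it contains no embedded NUL. */
                dns = (const char *)ASN1_STRING_data(gen->d.ia5);
                if (ASN1_STRING_length(gen->d.ia5) == (int)strlen(dns)
                    && strcasecmp(dns, session->host) == 0) {
                    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
                    goto found;
                }
            }
            sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
        }
        /* … unchanged: commonName fallback, X509_free, found: label … */
```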