X509_NAME_get_text_by_NID() returns -1 on error so the type

the return value is stored in must be signed.  Fixes a test for error.

ok jsing@ guenther@

diff --git a/lib/libressl/ressl_verify.c b/lib/libressl/ressl_verify.c
index e98a264..0942f7e 100644 (file)
--- a/lib/libressl/ressl_verify.c
+++ b/lib/libressl/ressl_verify.c
@@ -143,7 +143,7 @@ ressl_check_common_name(X509 *cert, const char *host)
 {
        X509_NAME *name;
        char *common_name = NULL;
-       size_t common_name_len;
+       int common_name_len;
        int rv = -1;
 
        name = X509_get_subject_name(cert);