From 07bfd55a4dbc1bf04ea3932579a564aec7aa07e6 Mon Sep 17 00:00:00 2001
From: Evan Rittenhouse
Date: Tue, 23 Jul 2024 17:06:21 -0500
Subject: [PATCH] Fix x509_check_host return value

The [x509_check_host docs](https://www.openssl.org/docs/man1.1.1/man3/X509_check_host.html) state:
> The functions return 1 for a successful match, 0 for a failed match and -1 for an internal error: typically a memory allocation failure or an ASN.1 decoding error. All functions can also return -2 if the input is malformed. For example, X509_check_host() returns -2 if the provided name contains embedded NULs.

The current implementation will return `true` for 1, -1, and -2, therefore returning an incorrect value if any of the above error cases are hit.
---
 boring/src/x509/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/boring/src/x509/mod.rs b/boring/src/x509/mod.rs
index 50750d66..30a4b2b8 100644
--- a/boring/src/x509/mod.rs
+++ b/boring/src/x509/mod.rs
@@ -601,7 +601,7 @@ impl X509Ref {
 0,
 std::ptr::null_mut(),
 ))
- .map(|n| n != 0)
+ .map(|n| n == 1)
 }
 }
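Review bot: The new closure `.map(|n| n == 1)` turns the -1 and -2 error returns into `Ok(false)`, so a caller cannot tell "name does not match" from "internal error or malformed name". That holds unless the wrapper call closed by the preceding `))` already converts negative values to `Err`; that call starts outside the hunk, so which case applies cannot be confirmed here. Failing closed is the right default for hostname verification, but the mapping should be stated next to the closure, for example `// X509_check_host: 1 = match, 0 = mismatch, negative = error; only 1 counts as a match`. If the error cases can reach the closure, returning `Err` for negative values would preserve the diagnostic for callers that log verification failures. A regression test asserting that a host string containing an embedded NUL never yields `Ok(true)` would pin the behaviour the description cites.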