rustls · djc · Jan 20, 2025 · Jan 6, 2025 · Jan 20, 2025 · Jan 6, 2025
diff --git a/src/cert.rs b/src/cert.rs
@@ -139,7 +139,7 @@ impl<'a> Cert<'a> {
     ///
     /// [EndEntityCert::verify_is_valid_for_subject_name]: crate::EndEntityCert::verify_is_valid_for_subject_name
     pub fn valid_dns_names(&self) -> impl Iterator<Item = &str> {
-        NameIterator::new(Some(self.subject), self.subject_alt_name).filter_map(|result| {
+        NameIterator::new(self.subject_alt_name).filter_map(|result| {
             let presented_id = match result.ok()? {
                 GeneralName::DnsName(presented) => presented,
                 _ => return None,

diff --git a/src/subject_name/dns_name.rs b/src/subject_name/dns_name.rs
@@ -20,13 +20,13 @@ use core::fmt::Write;
 use pki_types::ServerName;
 use pki_types::{DnsName, InvalidDnsNameError};
 
-use super::verify::{GeneralName, NameIterator};
+use super::{GeneralName, NameIterator};
 use crate::cert::Cert;
 use crate::error::{Error, InvalidNameContext};
 
 pub(crate) fn verify_dns_names(reference: &DnsName<'_>, cert: &Cert<'_>) -> Result<(), Error> {
     let dns_name = untrusted::Input::from(reference.as_ref().as_bytes());
-    let result = NameIterator::new(Some(cert.subject), cert.subject_alt_name).find_map(|result| {
+    let result = NameIterator::new(cert.subject_alt_name).find_map(|result| {
         let name = match result {
             Ok(name) => name,
             Err(err) => return Some(Err(err)),
@@ -58,7 +58,7 @@ pub(crate) fn verify_dns_names(reference: &DnsName<'_>, cert: &Cert<'_>) -> Resu
     {
         Err(Error::CertNotValidForName(InvalidNameContext {
             expected: ServerName::DnsName(reference.to_owned()),
-            presented: NameIterator::new(Some(cert.subject), cert.subject_alt_name)
+            presented: NameIterator::new(cert.subject_alt_name)
                 .filter_map(|result| Some(format!("{:?}", result.ok()?)))
                 .collect(),
         }))

diff --git a/src/subject_name/ip_address.rs b/src/subject_name/ip_address.rs
@@ -19,7 +19,7 @@ use pki_types::IpAddr;
 #[cfg(feature = "alloc")]
 use pki_types::ServerName;
 
-use super::verify::{GeneralName, NameIterator};
+use super::{GeneralName, NameIterator};
 use crate::cert::Cert;
 use crate::error::{Error, InvalidNameContext};
 
@@ -29,7 +29,7 @@ pub(crate) fn verify_ip_address_names(reference: &IpAddr, cert: &Cert<'_>) -> Re
         IpAddr::V6(ip) => untrusted::Input::from(ip.as_ref()),
     };
 
-    let result = NameIterator::new(None, cert.subject_alt_name).find_map(|result| {
+    let result = NameIterator::new(cert.subject_alt_name).find_map(|result| {
         let name = match result {
             Ok(name) => name,
             Err(err) => return Some(Err(err)),
@@ -58,7 +58,7 @@ pub(crate) fn verify_ip_address_names(reference: &IpAddr, cert: &Cert<'_>) -> Re
     {
         Err(Error::CertNotValidForName(InvalidNameContext {
             expected: ServerName::from(*reference),
-            presented: NameIterator::new(None, cert.subject_alt_name)
+            presented: NameIterator::new(cert.subject_alt_name)
                 .filter_map(|result| Some(format!("{:?}", result.ok()?)))
                 .collect(),
         }))