===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/clientloop.c,v
retrieving revision 1.354
retrieving revision 1.355
diff -u -r1.354 -r1.355
--- src/usr.bin/ssh/clientloop.c	2020/10/18 11:32:01	1.354
+++ src/usr.bin/ssh/clientloop.c	2020/10/29 02:47:23	1.355
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.354 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.355 2020/10/29 02:47:23 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1878,13 +1878,20 @@
 		return 0;
 	}
 
-	/* Record if address matched against a different hostname. */
-	if (ctx->ip_str != NULL && (l->match & HKF_MATCH_HOST) == 0 &&
-	    strchr(l->hosts, ',') != NULL) {
-		ctx->other_name_seen = 1;
-		debug3_f("found address %s against different hostname at "
-		    "%s:%ld", ctx->ip_str, l->path, l->linenum);
-		return 0;
+	/* If CheckHostIP is enabled, then check for mismatched hostname/addr */
+	if (ctx->ip_str != NULL && strchr(l->hosts, ',') != NULL) {
+		if ((l->match & HKF_MATCH_HOST) == 0) {
+			/* Record if address matched a different hostname. */
+			ctx->other_name_seen = 1;
+			debug3_f("found address %s against different hostname "
+			    "at %s:%ld", ctx->ip_str, l->path, l->linenum);
+			return 0;
+		} else if ((l->match & HKF_MATCH_IP) == 0) {
+			/* Record if hostname matched a different address. */
+			ctx->other_name_seen = 1;
+			debug3_f("found hostname %s against different address "
+			    "at %s:%ld", ctx->host_str, l->path, l->linenum);
+		}
 	}
 
 	/*
@@ -2277,7 +2284,7 @@
 		    ctx->ip_str ? ctx->ip_str : "(none)");
 		if ((r = hostkeys_foreach(options.user_hostfiles[i],
 		    hostkeys_find, ctx, ctx->host_str, ctx->ip_str,
-		    HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) {
+		    HKF_WANT_PARSE_KEY)) != 0) {
 			if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
 				debug_f("hostkeys file %s does not exist",
 				    options.user_hostfiles[i]);