pnmatch
X509_NAME *name, int *pnmatch)
if (idx >= 0 && pnmatch) {
*pnmatch = 1;
(*pnmatch)++;
if (!pnmatch(path, pp)) {
