diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 7af78bc..8fdeaa0 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -467,19 +467,16 @@ static int openssl_verify(int preverify_ok, X509_STORE_CTX *ctx)
         return 0;
     }
 
-    if (v->verifyop & SPICE_SSL_VERIFY_OP_HOSTNAME) {
-       if (verify_hostname(cert, v->hostname))
-           return 1;
-        else
-            failed_verifications |= SPICE_SSL_VERIFY_OP_HOSTNAME;
-    }
-
-
     if (v->verifyop & SPICE_SSL_VERIFY_OP_SUBJECT) {
         if (verify_subject(cert, v))
             return 1;
         else
             failed_verifications |= SPICE_SSL_VERIFY_OP_SUBJECT;
+    } else if (v->verifyop & SPICE_SSL_VERIFY_OP_HOSTNAME) {
+       if (verify_hostname(cert, v->hostname))
+           return 1;
+        else
+            failed_verifications |= SPICE_SSL_VERIFY_OP_HOSTNAME;
     }
 
     /* If we reach this code, this means all the tests failed, thus