diff --git a/curl-fix-verifyhost.patch b/curl-fix-verifyhost.patch
new file mode 100644
index 0000000..adcefe3
--- /dev/null
+++ b/curl-fix-verifyhost.patch
@@ -0,0 +1,30 @@
+From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 8 Mar 2022 13:38:13 +0100
+Subject: [PATCH] openssl: fix CN check error code
+
+Due to a missing 'else' this returns error too easily.
+
+Regressed in: d15692ebb
+
+Reported-by: Kristoffer Gleditsch
+Fixes #8559
+Closes #8560
+---
+ lib/vtls/openssl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 0b79fc50a9c5..4618beeb3867 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
+               memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
+               peer_CN[peerlen] = '\0';
+             }
+-            result = CURLE_OUT_OF_MEMORY;
++            else
++              result = CURLE_OUT_OF_MEMORY;
+           }
+         }
+         else /* not a UTF8 name */
diff --git a/curl.changes b/curl.changes
index e8466ad..bcf6a00 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Mar 11 16:36:50 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix: openssl: fix CN check error code
+  * Add curl-fix-verifyhost.patch
+
 -------------------------------------------------------------------
 Mon Mar  7 08:01:26 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
 
diff --git a/curl.spec b/curl.spec
index c8caa79..d613eff 100644
--- a/curl.spec
+++ b/curl.spec
@@ -33,8 +33,10 @@ Source4:        https://daniel.haxx.se/mykey.asc#/curl.keyring
 Patch0:         libcurl-ocloexec.patch
 Patch1:         dont-mess-with-rpmoptflags.diff
 Patch2:         curl-secure-getenv.patch
-# PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
+#PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled
 Patch3:         curl-disabled-redirect-protocol-message.patch
+#PATCH-FIX-UPSTREAM Fix: openssl: fix CN check error code
+Patch4:         curl-fix-verifyhost.patch
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 Requires:       libcurl4 = %{version}
@@ -95,6 +97,7 @@ user interaction or any kind of interactivity.
 %patch1
 %patch2
 %patch3 -p1
+%patch4 -p1
 
 %build
 # curl complains if macro definition is contained in CFLAGS