From 59c231808f9896d1725d653f3a40f7086c76683f Mon Sep 17 00:00:00 2001
From: neocogent
Date: Fri, 17 Jul 2015 04:03:40 +0700
Subject: [PATCH 1/3] add wildcard ssl support

---
 lib/interface.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/interface.py b/lib/interface.py
index 0c7a3c299..8ca224b4b 100644
--- a/lib/interface.py
+++ b/lib/interface.py
@@ -129,7 +129,7 @@ class TcpInterface(threading.Thread):
 return False
 if peercert.has_key("subjectAltName"):
 for typ, val in peercert["subjectAltName"]:
- if typ == "DNS" and val == name:
+ if typ == "DNS" and (val == name or (val[0] == '*' and name.find(val[1:]) + len(val[1:]) == len(name))):
 return True
 else:
 # Only check the subject DN if there is no subject alternative

From 3c563b85aded095e5ddcc1f9fbd0624a5bd22aa3 Mon Sep 17 00:00:00 2001
From: neocogent
Date: Fri, 17 Jul 2015 04:22:39 +0700
Subject: [PATCH 2/3] adjust comment about wildcards

---
 lib/interface.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/interface.py b/lib/interface.py
index 8ca224b4b..07d66e1bf 100644
--- a/lib/interface.py
+++ b/lib/interface.py
@@ -121,8 +121,7 @@ class TcpInterface(threading.Thread):
 
 def check_host_name(self, peercert, name):
 """Simple certificate/host name checker. Returns True if the
- certificate matches, False otherwise. Does not support
- wildcards."""
+ certificate matches, False otherwise."""
 # Check that the peer has supplied a certificate.
 # None/{} is not acceptable.
 if not peercert:

From 8792301846f444d487f907f7613345eda7a67745 Mon Sep 17 00:00:00 2001
From: neocogent
Date: Fri, 17 Jul 2015 10:48:28 +0700
Subject: [PATCH 3/3] restrict to *. only, add DN support also

---
 lib/interface.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/interface.py b/lib/interface.py
index 07d66e1bf..06b8ecf3a 100644
--- a/lib/interface.py
+++ b/lib/interface.py
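Review bot: The wildcard branch on the added `if typ == "DNS"` line accepts host names that do not end with the wildcard suffix at all, because `str.find` returns -1 on a miss and `-1 + len(val[1:]) == len(name)` is then true for every name whose length is exactly `len(val) - 2` — for a `*.example.com` SAN any 11-character name that does not contain `.example.com` passes, which defeats the host-name check this method exists for. The suffix test should be `name.endswith(val[1:])` with the remaining prefix required to be one non-empty label, e.g. `suffix = val[1:]` / `return name.endswith(suffix) and len(name) > len(suffix) and '.' not in name[:-len(suffix)]`, and `val[0]` should become `val.startswith('*.')` so an empty SAN value cannot raise IndexError and forms such as `f*.example.com` or `*example.com` are not treated as wildcards. As written a hit on the first occurrence also lets the wildcard span several labels (`*.example.com` matches `a.b.example.com`). check_host_name starts and ends outside this hunk.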
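Review bot: The new docstring line drops the wildcard caveat without saying what replaces it, so a reader of check_host_name can no longer tell from the docstring that a SAN value beginning with `*` is matched as a suffix wildcard. State the rule the code implements instead of just deleting the sentence, e.g. `certificate matches, False otherwise. A subjectAltName DNS value starting with '*' is matched as a wildcard against the suffix of name."""`. The rest of the method lies outside this hunk.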
@@ -128,7 +128,7 @@ class TcpInterface(threading.Thread):
 return False
 if peercert.has_key("subjectAltName"):
 for typ, val in peercert["subjectAltName"]:
- if typ == "DNS" and (val == name or (val[0] == '*' and name.find(val[1:]) + len(val[1:]) == len(name))):
+ if typ == "DNS" and (val == name or (val.find('*.') == 0 and name.find(val[1:]) + len(val[1:]) == len(name))):
 return True
 else:
 # Only check the subject DN if there is no subject alternative
@@ -139,7 +139,7 @@ class TcpInterface(threading.Thread):
 if attr == "commonName":
 cn = val
 if cn is not None:
- return cn == name
+ return (cn == name or (cn.find('*.') == 0 and name.find(cn[1:]) + len(cn[1:]) == len(name)))
 return False
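Review bot: Restricting the pattern to a `*.` prefix does not repair the suffix test on the added line: `name.find(val[1:])` still returns -1 on a miss, so `-1 + len(val[1:]) == len(name)` accepts any name of length `len(val) - 2` that does not contain the suffix (`*.example.com` accepts an unrelated 11-character host), and a hit on the first occurrence still lets one wildcard cover several labels (`a.b.example.com`) and the bare `example.com`. The identical expression is repeated in the commonName branch in the second hunk of this patch, so the check belongs in one helper used by both sites, e.g. `def _wildcard_match(pattern, name):` / `suffix = pattern[1:]` / `return pattern.startswith('*.') and name.endswith(suffix) and len(name) > len(suffix) and '.' not in name[:-len(suffix)]`. On Python 2.7.9+ and 3.2+ `ssl.match_hostname(peercert, name)` already implements these rules and would replace both branches. check_host_name starts before this hunk and its commonName branch ends after it.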