From 4d3ce9034a9631190d8a31879aed537c3f917ec3 Mon Sep 17 00:00:00 2001
From: Serg Melikyan
Date: Mon, 14 Oct 2013 14:10:07 +0400
Subject: [PATCH] Allow single-wildcard SSL common name matching

Fixed Bug #1238607

Change-Id: I0f5756fa235483ba98d39776dcdba1ce0f991171
---
 muranoclient/common/http.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/muranoclient/common/http.py b/muranoclient/common/http.py
index 5b275f8e..30a5116c 100644
--- a/muranoclient/common/http.py
+++ b/muranoclient/common/http.py
@@ -327,10 +327,17 @@ class VerifiedHTTPSConnection(HTTPSConnection):
 connecting to, ie that the certificate's Common Name or a
 Subject Alternative Name matches 'host'.
 """
+ common_name = x509.get_subject().commonName
+
 # First see if we can match the CN
- if x509.get_subject().commonName == host:
+ if common_name == host:
 return True
 
+ # Support single wildcard matching
+ if common_name.startswith('*.') and host.find('.') > 0:
+ if common_name[2:] == host.split('.', 1)[1]:
+ return True
+
 # Also try Subject Alternative Names for a match
 san_list = None
 for i in xrange(x509.get_extension_count()):
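Review bot: The new wildcard branch calls `common_name.startswith('*.')` without checking that the subject carries a CN at all. If `x509` is a pyOpenSSL certificate (likely, but not visible here), a missing CN comes back as `None`, so a SAN-only certificate would raise `AttributeError` instead of falling through to the Subject Alternative Name loop as the old `== host` comparison did. The suffix comparison is also case-sensitive, accepts a one-label pattern such as `*.com`, and can match when `host` is an IP literal, all of which hostname-verification guidance such as RFC 6125 treats as mismatches or discourages. I would guard and normalise it with `if common_name and common_name.startswith('*.') and host.find('.') > 0:` followed by `if common_name[2:].lower() == host.split('.', 1)[1].lower():`, and additionally require a dot inside `common_name[2:]`. The function starts and ends outside the hunk, so whether SAN entries get the same wildcard handling cannot be judged from here.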