ssltool.patch

From dfa54b947815fdf1ba957c64bb4e489d041bbf3e Mon Sep 17 00:00:00 2001
From: Thomas Hollstegge <[email protected]>
Date: Mon, 2 Sep 2013 18:07:47 +0200
Subject: [PATCH 1/2] Check all CNs when testing for domain name

---
 lib/ssltool/certificate.rb |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/ssltool/certificate.rb b/lib/ssltool/certificate.rb
index cbea63a..a8d1ef9 100644
--- a/lib/ssltool/certificate.rb
+++ b/lib/ssltool/certificate.rb
@@ -53,12 +53,16 @@ module SSLTool
       @fingerprint ||= Digest::SHA1.hexdigest(to_der)
     end
 
+    def common_names
+      subject.to_a.select { |k, _, _| k == "CN" }.map { |_, v, _| v }
+    end
+
     def common_name
       k, v, t = subject.to_a.find { |k, v, t| k == "CN" }; v
     end
 
     def for_domain_name?
-      common_name =~ RX_DOMAIN_NAME
+      common_names.find { |cn| cn =~ RX_DOMAIN_NAME }
     end
 
     def domain_names
-- 
1.7.9.5


From d15e3b3a1e1e8eb254ee28fd866f9484fd168771 Mon Sep 17 00:00:00 2001
From: Thomas Hollstegge <[email protected]>
Date: Tue, 3 Sep 2013 11:05:46 +0200
Subject: [PATCH 2/2] Include subject alternative names when checking for
 domain name

---
 lib/ssltool/certificate.rb |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/ssltool/certificate.rb b/lib/ssltool/certificate.rb
index a8d1ef9..073e49e 100644
--- a/lib/ssltool/certificate.rb
+++ b/lib/ssltool/certificate.rb
@@ -61,12 +61,16 @@ module SSLTool
       k, v, t = subject.to_a.find { |k, v, t| k == "CN" }; v
     end
 
+    def domain_common_names
+      common_names.select { |cn| cn =~ RX_DOMAIN_NAME }
+    end
+
     def for_domain_name?
-      common_names.find { |cn| cn =~ RX_DOMAIN_NAME }
+      !domain_names.empty?
     end
 
     def domain_names
-      [ (common_name if for_domain_name?),
+      [ domain_common_names,
         map_extension_value('subjectAltName') { |s| s.scan(/\bDNS:([^\s,]+)/) },
       ].flatten.compact.sort.uniq
     end
-- 
1.7.9.5