fetchmail-friends

[fetchmail] Checking Subject Alternative Name of TLS certificate

2003-07-09 14:29:13
Hi,

some weeks ago, the administrators of the Computing Center in my
university changed the CommonName of the Mail server's certificate.
Since then, I get the following warnings when fetching my mail:

=====
fetchmail: Server CommonName mismatch: 
(sigma|sigma2|mailslv1).informatik.hu-berlin.de !=
sigma.informatik.hu-berlin.de
fetchmail: Server CommonName mismatch:
(sigma|sigma2|mailslv1).informatik.hu-berlin.de !=
sigma.informatik.hu-berlin.de
fetchmail: Server CommonName mismatch:
(sigma|sigma2|mailslv1).informatik.hu-berlin.de !=
sigma.informatik.hu-berlin.de
=====

After that, the program proceeds fine, but I get annoying warning mails
generated because of these stderr messages. I asked them about this crazy
Server Name ("(sigma|sigma2|mailslv1).informatik.hu-berlin.de") and they
said that this way, they support old Netscape versions which interpret
the CommonName as a RegExp, and that according to RFC 2818, the "Subject
Alternative Name" should be checked _before_ the CommonName. (In my
opinion, RFC 2595 is more appropriate, but basically means the same.)

They said that I would first have to check the Subject Alternative Name
to eliminate this problem. OK, I prepared a small patch for fetchmail
(see attachment). Unfortunately, it uses x509v3.h instead of x509.h
(well - possibly needed anyway someday), but works quite well. :)

What do you think? In the case that you are sure that this one shouldn't
go into fetchmail, please help me to convince our admins not to use
CommonNames like the aforementioned. But then, you should also explain
why to ignore the corresponding RFCs. :-)

Thanks!

bye,
  Roland

Attachment: fetchmail-6.2.2subjectAltName.patch
Description: Text document

Attachment: signature.asc
Description: This is a digitally signed message part
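As an added illustration of the check described in the message above (example code written for this archive page; it is neither the attached patch nor fetchmail's own code): the function below verifies a host name the way RFC 2818 section 3.1 prescribes, consulting subjectAltName dNSName entries first and falling back to the CommonName only when the certificate carries no dNSName at all. It works on the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns, so it can be applied to a live connection; the two certificates and the host name below are constructed by hand to mirror the situation in the post and are not real data. The run shows that a CommonName written as a regular expression can never match literally, while a proper subjectAltName entry resolves the mismatch without touching the CN.

```python
"""Host-name verification that prefers subjectAltName over CommonName.

Added example, not part of the original message or of fetchmail. Input is the
dict shape returned by ssl.SSLSocket.getpeercert(); the certificates below are
constructed to mirror the post.
"""


def _match_dns_name(pattern: str, hostname: str) -> bool:
    """Compare one dNSName or CN value against a host name, RFC 2818 style.

    Case-insensitive, trailing dots ignored. A single '*' is accepted only as
    the whole leftmost label and only when the pattern has at least three
    labels, so '*.org' never matches 'example.org'. No other metacharacter
    (and certainly no regular-expression syntax) has any meaning.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    plabels = pattern.split(".")
    hlabels = hostname.split(".")
    if plabels[0] != "*" or "*" in plabels[1:] or len(plabels) < 3:
        return False
    if len(plabels) != len(hlabels) or not hlabels[0]:
        return False
    return plabels[1:] == hlabels[1:]


def verify_hostname(cert: dict, hostname: str) -> tuple:
    """Return (ok, reason).

    If the certificate has any subjectAltName dNSName entry, only those
    entries are consulted; the CommonName is ignored even when it would have
    matched. Only a certificate without dNSName entries falls back to the CN.
    """
    dns_names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        for name in dns_names:
            if _match_dns_name(name, hostname):
                return True, "matched subjectAltName %s" % name
        return False, "no subjectAltName entry matches %s (CN ignored)" % hostname
    cns = [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]
    for cn in cns:
        if _match_dns_name(cn, hostname):
            return True, "matched CommonName %s" % cn
    return False, "CommonName mismatch: %s != %s" % (", ".join(cns), hostname)


# Constructed sample data mirroring the post (not a real certificate).
HOST = "sigma.informatik.hu-berlin.de"
REGEX_CN = "(sigma|sigma2|mailslv1).informatik.hu-berlin.de"

# A certificate carrying only the regular-expression CommonName.
CERT_CN_ONLY = {
    "subject": ((("commonName", REGEX_CN),),),
}

# The same CommonName, but with the real host names in subjectAltName.
CERT_WITH_SAN = {
    "subject": ((("commonName", REGEX_CN),),),
    "subjectAltName": (
        ("DNS", "sigma.informatik.hu-berlin.de"),
        ("DNS", "sigma2.informatik.hu-berlin.de"),
        ("DNS", "mailslv1.informatik.hu-berlin.de"),
    ),
}

if __name__ == "__main__":
    for label, cert in (("CN only", CERT_CN_ONLY), ("with SAN", CERT_WITH_SAN)):
        ok, why = verify_hostname(cert, HOST)
        print("%-8s -> %s (%s)" % (label, "OK" if ok else "MISMATCH", why))
```

To run it against a real server instead of the constructed data, pass the result of getpeercert() from an ssl-wrapped socket as the cert argument; the function itself does not care where the dictionary came from.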
