From 3624fd95101efb9186d2144b03f9d2c9925f5652 Mon Sep 17 00:00:00 2001
From: sloum <sloum@colorfield.space>
Date: Sun, 1 Nov 2020 06:45:11 -0800
Subject: [PATCH] Minor fix to how we verify hostnames

---
 gemini/gemini.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gemini/gemini.go b/gemini/gemini.go
index 526aca6..482cfae 100644
--- a/gemini/gemini.go
+++ b/gemini/gemini.go
@@ -78,7 +78,7 @@ func (t *TofuDigest) Match(host, localCert string, cState *tls.ConnectionState)
 			return fmt.Errorf("EXP")
 		}
 
-		if err := cert.VerifyHostname(host); err != nil {
+		if err := cert.VerifyHostname(host); err != nil && cert.Subject.CommonName != host {
 			return fmt.Errorf("Certificate error: %s", err)
 		}
 
@@ -107,7 +107,7 @@ func (t *TofuDigest) newCert(host string, cState *tls.ConnectionState) error {
 			continue
 		}
 
-		if err := cert.VerifyHostname(host); err != nil {
+		if err := cert.VerifyHostname(host); err != nil && cert.Subject.CommonName != host {
 			reasons.WriteString(fmt.Sprintf("Cert [%d] hostname does not match", index+1))
 			continue
 		}