From 9b56ebe4c4e827a853b2781b3c8b6b1b77eb96bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20He=C4=8Da?=
Date: Sat, 7 Apr 2018 07:40:40 +0200
Subject: [PATCH] support for wildcards in alt names
---
 checkssl | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/checkssl b/checkssl
index f09c652..315f77b 100755
--- a/checkssl
+++ b/checkssl
@@ -385,11 +385,17 @@ while IFS= read -r LINE; do
 if [[ -z $CERTINFO ]]; then
 PROBLEMS=$(echo "${PROBLEMS}- no certificate found")
 else
- ALT_NAMES=$(echo "$CERTINFO" | openssl x509 -noout -text 2>/dev/null| grep "Subject Alternative Name" -A2 |grep -Eo "DNS:[a-zA-Z 0-9.-]*" | cut -c 5-)
+ ALT_NAMES=$(echo "$CERTINFO" | openssl x509 -noout -text 2>/dev/null| grep "Subject Alternative Name" -A2 |grep -Eo "DNS:[-a-zA-Z 0-9.*]*" | cut -c 5-)
 debug "ALT Names $ALT_NAMES"
- if [[ "$(echo "$ALT_NAMES" | grep "^${DOMAIN}")" == "${DOMAIN}" ]]; then
- ISSUEDTO="${DOMAIN} (alt)"
- else
+ ISSUEDTO=
+ for ALT_NAME in $ALT_NAMES; do
+ debug "check '$DOMAIN' == '$ALT_NAME'"
+ if [[ $DOMAIN == $ALT_NAME ]]; then
+ ISSUEDTO="${ALT_NAME} (alt)"
+ fi
+ done
+ if [ -z "$ISSUEDTO" ]; then
+ ISSUEDTO="-"
 PROBLEMS="${PROBLEMS}- possible name mismatch"
 fi
 fi
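Review bot: The new comparison `[[ $DOMAIN == $ALT_NAME ]]` treats the SAN as a shell glob, so `*` spans dots: `*.example.com` is accepted for `a.b.example.com`, and a SAN of just `*` (which the widened grep class lets through) matches every domain, whereas TLS clients only honour a wildcard as the whole left-most label. `for ALT_NAME in $ALT_NAMES` is also unquoted, so a wildcard entry is pathname-expanded against the current directory before it is compared. Since the SAN list comes from the certificate under test (presumably whatever the remote server presents), I would read it line by line and match a wildcard against exactly one label, as below; DNS names are also case-insensitive, which `==` is not. The enclosing `while IFS= read -r LINE` loop starts and ends outside this hunk.

```shell
ISSUEDTO=
# Read line-wise so an entry such as "*.example.com" is never pathname-expanded.
while IFS= read -r ALT_NAME; do
  # … unchanged: debug line …
  # Exact match, or a "*." wildcard covering exactly one left-most label.
  if [[ $DOMAIN == "$ALT_NAME" ]] ||
     [[ $ALT_NAME == '*.'* && $DOMAIN == *.* && ${DOMAIN#*.} == "${ALT_NAME:2}" ]]; then
    ISSUEDTO="${ALT_NAME} (alt)"
  fi
done <<< "$ALT_NAMES"
# … unchanged: empty-ISSUEDTO fallback …
```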