--- lib/sslcommon.c	2005-01-04 14:32:11.000000000 +0100
+++ lib/sslcommon.c	2006-06-19 15:23:13.000000000 +0200
@@ -182,7 +182,18 @@
       X509_NAME_get_text_by_NID (subj, NID_commonName, data, 256) > 0)
     {
       data[sizeof (data) - 1] = '\0';
-      if (strcasecmp (data, request->hostname) != 0)
+      /* Check for wildcard CN (must begin with *.) */
+      if (strncmp(data, "*.", 2) == 0)
+        {
+          int hostname_len = strlen(data) - 1;
+          if (strlen(request->hostname) > hostname_len &&
+              strcasecmp (&(data[1]), &(request->hostname[strlen(request->hostname) - hostname_len])) == 0)
+              ok = 1;
+        }
+      else if (strcasecmp (data, request->hostname) == 0)
+          ok = 1;
+      
+      if (!ok)
         {
           request->logging_function (gftp_logging_error, request,
                                      _("ERROR: The host in the SSL certificate (%s) does not match the host that we connected to (%s). Aborting connection.\n"),