Comment 64 for bug 376484

Eero (eero+launchpad) wrote :

Binary package hint: mozilla-firefox

firefox 3.0.10+nobinonly-0ubuntu0.9.04.1

http://www.ietf.org/rfc/rfc2818.txt states the following:
   Matching is performed using the matching rules specified by
   [RFC2459]. If more than one identity of a given type is present in
   the certificate (e.g., more than one dNSName name, a match in any one
   of the set is considered acceptable.) Names may contain the wildcard
   character * which is considered to match any single domain name
   component or component fragment. E.g., *.a.com matches foo.a.com but
   not bar.foo.a.com. f*.com matches foo.com but not bar.com.

Firefox accepts a *.foo.com certificate for the domain baz.bar.foo.com even though it shouldn't do that. Tested with a new DigiCert wildcard certificate, and it seems like IE handles this situation correctly.
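The RFC 2818 rule quoted in the comment above, as an added example that is not part of the original comment and is not Firefox or NSS code. The function names `rfc2818_match`, `loose_match` and `cert_matches` are hypothetical; `loose_match` only illustrates the kind of matching that would produce the reported behaviour.

```python
import re


def rfc2818_match(pattern: str, hostname: str) -> bool:
    """Match per the quoted RFC 2818 text: '*' covers one label or a label fragment."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so both names must have the same label count.
    if len(p_labels) != len(h_labels):
        return False
    for p_label, h_label in zip(p_labels, h_labels):
        if not h_label:
            return False  # reject empty labels such as ".a.com"
        # Each '*' becomes "any run of non-dot characters" inside this label only.
        regex = "[^.]*".join(re.escape(part) for part in p_label.split("*"))
        if re.fullmatch(regex, h_label) is None:
            return False
    return True


def loose_match(pattern: str, hostname: str) -> bool:
    """Illustrative over-permissive matcher: '*' is allowed to swallow dots."""
    regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
    return re.fullmatch(regex, hostname.lower()) is not None


def cert_matches(names: list[str], hostname: str) -> bool:
    """RFC 2818: with several identities present, a match in any one is acceptable."""
    return any(rfc2818_match(name, hostname) for name in names)


if __name__ == "__main__":
    # Constructed cases: the RFC's own examples plus the names from the comment.
    cases = [
        ("*.a.com", "foo.a.com"),
        ("*.a.com", "bar.foo.a.com"),
        ("f*.com", "foo.com"),
        ("f*.com", "bar.com"),
        ("*.foo.com", "baz.bar.foo.com"),
    ]
    for pattern, host in cases:
        print(f"{pattern:10} {host:16} strict={rfc2818_match(pattern, host)!s:5} "
              f"loose={loose_match(pattern, host)}")
```

A hostname-verification regression test can use the same pairs: any name where the strict and loose results differ is a case the verifier under test must reject.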