Sam Napolitano added the comment:
Sorry I wasn't able to get back to you sooner.
If having a trailing dot in the cert is an RFC violation, then case 2 can be
left alone.
As for case 3, we can be more explicit: if hostname ends in a dot AND cert
does not end in a dot, strip dot
New submission from Sam Napolitano :
I recently came across an issue in the ssl library and have a simple fix to
address it.
When doing hostname verification against an X.509 certificate, a trailing dot
(period) in the hostname is matched against the certificate. But the trailing
dot should
