I have a similar problem on python-glanceclient 0.12.0, with a certificate where the wildcard is in "subjectAltName".
$ glance image-list
00:03:30 Host "proxy.example.org" does not match x509 certificate contents: CommonName "*.example.com", subjectAltName "DNS:*.example.com, DNS:example.com, DNS:*.example.org, DNS:example.org"
Small patch for this:
--- glanceclient/common/http.py.ori 2013-11-15 18:00:29.000000000 +0100
+++ glanceclient/common/http.py 2014-09-22 16:09:07.090590900 +0200
@@ -363,6 +363,9 @@ for san in ''.join(san_list.split()).split(','): if san == "DNS:%s" % host: return True
+ if san.startswith('DNS:*.') and san.find('.') > 0:
+ if san[6:] == san.split('.', 1)[1]:
+ return True
# Server certificate does not match host
msg = ('Host "%s" does not match x509 certificate contents: '
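Review bot: The added wildcard branch never compares against `host`: on the line `if san[6:] == san.split('.', 1)[1]:` both sides are derived from `san`, so for any entry of the form `DNS:*.<domain>` the test is true and the function returns True whatever host was requested. With this applied, a certificate that carries any wildcard subjectAltName would pass hostname verification for every server name. The right-hand side should be taken from the host instead, for example `host.split('.', 1)[1]`, after checking that `host` contains a dot so that the wildcard only stands in for a single leftmost label. The `san.find('.') > 0` part of the first added line is also redundant, since `san.startswith('DNS:*.')` already guarantees a dot at index 5.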