Comment 46 for bug 376484

In , Reed Loden (reed) wrote:

(In reply to comment #45)
> I found a live webmail server on the internet that relies on this "feature".
> https://mail.netidentity.com.cust.hostedemail.com/
> Their cert uses this wildcard pattern: *.hostedemail.com
> They're counting on '*' to match "mail.netidentity.com.cust".

There is _always_ going to be somebody not doing what they are supposed to be doing. That doesn't mean we shouldn't fix it to be correct, with regards to RFC 2818. Please note that Safari 3.x and IE 7 both consider abusing SSL certificates like that as a failure. Safari completely refuses to load the site while IE 7 allows the user to continue on after accepting a warning dialog. I just don't see why one site (or even multiple sites) doing something wrong should cause us not to fix an actual bug that could be abused by people for nefarious purposes.
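As an added illustration (not code from the bug, from Mozilla, or from NSS), the following Python matcher implements the RFC 2818 section 3.1 rule that a `*` in a certificate name matches only a single domain label (or a fragment of one), placed beside the permissive behaviour the bug report describes, where `*` is allowed to span several labels. The hostnames come from the quoted comment; the function names and the structure are assumptions made for this example.

```python
import re


def _labels(name: str) -> list[str]:
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def _label_matches(pattern_label: str, host_label: str) -> bool:
    """Compare one label of the certificate name against one label of the host.

    A '*' may match any run of characters, but only inside this single label,
    so it can never consume a '.' (RFC 2818, section 3.1: "*.a.com matches
    foo.a.com but not bar.foo.a.com; f*.com matches foo.com but not bar.com").
    """
    if "*" not in pattern_label:
        return pattern_label == host_label
    regex = "^" + ".*".join(re.escape(p) for p in pattern_label.split("*")) + "$"
    return re.match(regex, host_label) is not None


def rfc2818_match(cert_name: str, hostname: str) -> bool:
    """Strict matching: label counts must agree, then labels are compared pairwise."""
    pattern, host = _labels(cert_name), _labels(hostname)
    if len(pattern) != len(host):
        return False
    return all(_label_matches(p, h) for p, h in zip(pattern, host))


def permissive_match(cert_name: str, hostname: str) -> bool:
    """The lax behaviour the bug describes: '*' is treated as 'match anything',
    dots included, so one wildcard swallows an arbitrary number of labels."""
    regex = "^" + ".*".join(re.escape(p) for p in cert_name.lower().split("*")) + "$"
    return re.match(regex, hostname.lower().rstrip(".")) is not None


if __name__ == "__main__":
    # The live site quoted in the comment: a *.hostedemail.com cert presented
    # for a host that sits several labels deeper.
    cert = "*.hostedemail.com"
    host = "mail.netidentity.com.cust.hostedemail.com"
    print("permissive:", permissive_match(cert, host))  # True  (the bug)
    print("RFC 2818:  ", rfc2818_match(cert, host))     # False (correct)
```

Under the strict matcher the certificate from the comment matches `mail.hostedemail.com` but not `mail.netidentity.com.cust.hostedemail.com`, which is the outcome Safari and IE 7 are reported to produce. The permissive matcher is kept only to show why the lax rule is a problem: any name that ends in `.hostedemail.com`, however many labels deep, would be accepted by it.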