+ /* Check that the common name in the presented certificate matches
+ HOST. This is a very simple implementation that should be
+ improved in the following ways:
+
+ 1. It should use dNSName if available; according to rfc2818: "If
+ a subjectAltName extension of type dNSName is present, that
+ MUST be used as the identity." Ditto for iPAddress.
+
+ 2. It should support the wildcard character "*". Quoting
+ rfc2818, "Names may contain the wildcard character * which is
+ considered to match any single domain name component or
+ component fragment. E.g., *.a.com matches foo.a.com but not
+ bar.foo.a.com. f*.com matches foo.com but not bar.com."