Ensure that we can match on subject altnames, as well as the CN.

Also update the documentation to indicate the behaviour.

There might be a case for adding a bool argument to matchesHostname()
so that you can test if it matches just the CN, or either CN or
altname. 

This function should probably also test IP address (and perhaps also
XMPP) altnames, but I'd like to think about that a bit more first, and
trial it with a real certificate.

CCMAIL: justin@affinix.com
CCBUG: 107604


svn path=/trunk/kdesupport/qca/; revision=540564

include/QtCrypto/qca_cert.h

@@ -524,6 +524,10 @@ namespace QCA
 		/**
 		   Test if the subject of the certificate matches a specified host name
 
+		   This will return true (indicating a match), if the
+		   specified host name matches either the CommonName,
+		   or an alternative name specified in the certificate.
+
 		   \param host the name of the host to compare to
 		*/
 		bool matchesHostname(const QString &host) const;

src/qca_cert.cpp

@@ -455,7 +455,8 @@ bool Certificate::matchesHostname(const QString &realHost) const
 		peerHost.truncate(peerHost.length()-1);
 	peerHost = peerHost.toLower();
 
-	if(cnMatchesAddress(commonName(), peerHost))
+	if(cnMatchesAddress(commonName(), peerHost) ||
+	   subjectInfo().values(DNS).contains(peerHost) )
 		return true;
 	return false;
 }