From d573662f5e3ecd0c533aecd5662c2150ac1d0b3e Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Sun, 28 Oct 2018 19:16:26 +0100
Subject: [PATCH] system_certmanager, allow wildcards in alternative name, for
 https://github.com/opnsense/core/issues/2858

---
 src/www/system_certmanager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php
index 6177938e6..43c06e1e2 100644
--- a/src/www/system_certmanager.php
+++ b/src/www/system_certmanager.php
@@ -340,7 +340,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             foreach ($altnames as $altname) {
                 switch ($altname['type']) {
                     case "DNS":
-                        if (!is_hostname($altname['value'])) {
+                        $dns_regex = '/^(?:(?:[a-z0-9_\*]|[a-z0-9_][a-z0-9_\-]*[a-z0-9_])\.)*(?:[a-z0-9_]|[a-z0-9_][a-z0-9_\-]*[a-z0-9_])$/i';
+                        if (!preg_match($dns_regex, $altname['value'])) {
                             $input_errors[] = gettext("DNS subjectAltName values must be valid hostnames or FQDNs");
                         }
                         break;