diff -r 00411a4fa1bb -r 75d0c38a0bca tests/test-url.py
--- a/tests/test-url.py	Sat Jan 08 21:52:25 2011 +0900
+++ b/tests/test-url.py	Sun Jan 09 00:35:36 2011 +0900
@@ -25,6 +25,18 @@
 check(_verifycert(cert('*.example.com'), 'w.w.example.com'),
       'certificate is for *.example.com')
 
+# Test subjectAltName
+san_cert = {'subject': ((('commonName', 'example.com'),),),
+            'subjectAltName': (('DNS', '*.example.net'),
+                               ('DNS', 'example.net'))}
+check(_verifycert(san_cert, 'example.net'),
+      None)
+check(_verifycert(san_cert, 'foo.example.net'),
+      None)
+# subject is only checked when subjectAltName is empty
+check(_verifycert(san_cert, 'example.com'),
+      'certificate is for *.example.net, example.net')
+
 # Avoid some pitfalls
 check(_verifycert(cert('*.foo'), 'foo'),
       'certificate is for *.foo')
@@ -33,7 +45,7 @@
 
 check(_verifycert({'subject': ()},
                   'example.com'),
-      'no commonName found in certificate')
+      'no commonName or subjectAltName found in certificate')
 check(_verifycert(None, 'example.com'),
       'no certificate received')