From 65ed742477213d377a594c6872c63a1757880ee2 Mon Sep 17 00:00:00 2001
From: Andrew Ayer
Date: Tue, 26 Apr 2016 14:49:39 -0700
Subject: [PATCH] Support wildcards

For example, if you're watching subdomain.example.com, a cert for *.example.com will now match.
---
 cmd/ctwatch/main.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/cmd/ctwatch/main.go b/cmd/ctwatch/main.go
index 6605ede..504c7e7 100644
--- a/cmd/ctwatch/main.go
+++ b/cmd/ctwatch/main.go
@@ -27,8 +27,16 @@ var watchDomains []string
 var watchDomainSuffixes []string
 
 func addWatchDomain (domain string) {
- watchDomains = append(watchDomains, strings.ToLower(domain))
- watchDomainSuffixes = append(watchDomainSuffixes, "." + strings.ToLower(domain))
+ domain = strings.ToLower(domain)
+
+ watchDomains = append(watchDomains, domain)
+ watchDomainSuffixes = append(watchDomainSuffixes, "." + domain)
+
+ if dot := strings.IndexRune(domain, '.'); dot != -1 {
+ // also look for wildcard names that could match
+ // TODO: support exotic wildcards (wildcards besides "*.") in case there are CAs that issue them (there are) and clients that support them (less clear)
+ watchDomains = append(watchDomains, "*" + domain[dot:])
+ }
 }
 
 func setWatchDomains (domains []string) error {
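Review bot: The wildcard entry added in the `if dot := ...` block covers only the exact name `"*" + domain[dot:]`, so a certificate whose first label is a partial wildcard under the same parent is a silent false negative for the monitor, and the TODO reads as a feature wish rather than a known detection gap. Since a missed certificate costs more than a spurious alert here, I would state the limitation where an operator will see it, e.g. replace the TODO with `// KNOWN GAP: only "*."+parent is matched; certs whose first label merely contains '*' are NOT reported`. An exact-match list cannot express "first label contains `*`", so a real fix belongs where certificate names are compared against `watchDomains`, which is outside this hunk. Separately, the new `domain = strings.ToLower(domain)` line is the natural place to drop a trailing dot as well (`domain = strings.TrimSuffix(strings.ToLower(domain), ".")`), unless `setWatchDomains` already rejects such input; a watched name typed as an FQDN would otherwise yield entries that presumably never match.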