--- mutt_ssl.c
+++ mutt_ssl.c	2009-09-09 14:13:19.600635937 +0200
@@ -681,7 +681,8 @@ static int check_host (X509 *x509cert, c
       subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i);
       if (subj_alt_name->type == GEN_DNS)
       {
-	if ((match_found = hostname_match(hostname_ascii,
+	if (mutt_strlen(subj_alt_name->d.ia5->data) == subj_alt_name->d.ia5->length &&
+	    (match_found = hostname_match(hostname_ascii,
 					  (char *)(subj_alt_name->d.ia5->data))))
 	{
 	  break;
@@ -711,7 +712,9 @@ static int check_host (X509 *x509cert, c
 	strfcpy (err, _("cannot get certificate common name"), errlen);
       goto out;
     }
-    match_found = hostname_match(hostname_ascii, buf);
+    if (mutt_strlen(buf) == bufsize - 1) {
+      match_found = hostname_match(hostname_ascii, buf);
+    }
   }
 
   if (!match_found)