There's a new wildcard cert attack made public here:
I took a pass over the name matching code, and unless something in openssl or the code that gets at the subject names is somehow immune, the matching logic seems to be vulnerable. If not, feel free to close.
If a fix is needed, I think it will require capturing the actual length of the subject name to match with rather than relying on null terminated strings. I couldn't actually follow the current code very well, so I'm going to keep looking at it.