Fixes

https_adapter.py

@@ -9,9 +9,11 @@ from requests.utils import (
     select_proxy,
     urldefragauth,
 )
+import urllib3
 from urllib3.util import parse_url
 from urllib3.util.retry import Retry
 from urllib3.util import Timeout as TimeoutSauce
+from urllib3.util.ssl_match_hostname import match_hostname as match_hostname
 
 DEFAULT_POOLBLOCK = False
 DEFAULT_POOLSIZE = 10
@@ -262,8 +264,15 @@ class HTTPSAdapter(HTTPAdapter):
 
         return self.build_response(request, resp)
 
-from urllib3.util.ssl_match_hostname import match_hostname as _match_hostname
-def match_hostname(cert, hostname):
+def ballow_subdomain_matching(hostname, dnsnames):
+    for elt in dnsnames:
+        if len(split(hostname, '.')) > len(split(elt, '.')) and \
+          hostname.endswith(elt):
+            # parent
+            return True
+    return False
+
+def my_match_hostname(cert, hostname):
     """Verify that *cert* (in decoded format as returned by
     SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 and RFC 6125
     rules are followed, but IP addresses are not accepted for *hostname*.
@@ -316,6 +325,8 @@ def match_hostname(cert, hostname):
                     dnsnames.append(value)
     if len(dnsnames) > 1:
         # soften this to allow subdomain matching
+        if ballow_subdomain_matching(hostname, dnsnames):
+            return
         raise CertificateError(
             "hostname %r "
             "doesn't match any of %s" % (hostname, ", ".join(map(repr, dnsnames)))
@@ -327,5 +338,4 @@ def match_hostname(cert, hostname):
             "no appropriate commonName or subjectAltName fields were found"
         )
 
-urllib3.util.ssl_match_hostname = match_hostname
-
+urllib3.util.ssl_match_hostname.match_hostnaem = my_match_hostname