crypto/x509: make behaviour of absolute DNS names match Chromium.

Previously, we didn't handle absolute DNS names in certificates the same
way as Chromium, and we probably shouldn't diverge from major browsers.

Change-Id: I56a3962ad1002f68b5dbd65ae90991b82c2f5629
Reviewed-on: https://go-review.googlesource.com/5692Reviewed-by: Andrew Gerrand <adg@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

src/crypto/x509/verify.go

@@ -324,6 +324,7 @@ nextIntermediate:
 
 func matchHostnames(pattern, host string) bool {
 	host = strings.TrimSuffix(host, ".")
+	pattern = strings.TrimSuffix(pattern, ".")
 
 	if len(pattern) == 0 || len(host) == 0 {
 		return false

src/crypto/x509/x509_test.go

@@ -161,7 +161,6 @@ var matchHostnamesTests = []matchHostnamesTest{
 	{"", "b.b.c", false},
 	{"a.b.c", "", false},
 	{"example.com", "example.com", true},
-	{"example.com", "example.com.", true},
 	{"example.com", "www.example.com", false},
 	{"*.example.com", "example.com", false},
 	{"*.example.com", "www.example.com", true},
@@ -174,6 +173,13 @@ var matchHostnamesTests = []matchHostnamesTest{
 	{"", ".", false},
 	{".", "", false},
 	{".", ".", false},
+	{"example.com", "example.com.", true},
+	{"example.com.", "example.com", true},
+	{"example.com.", "example.com.", true},
+	{"*.com.", "example.com.", true},
+	{"*.com.", "example.com", true},
+	{"*.com", "example.com", true},
+	{"*.com", "example.com.", true},
 }
 
 func TestMatchHostnames(t *testing.T) {