Arch Linux ASA-201504-13
Apr 14, 2015 - 12:00 a.m.

ruby: permissive certificate verification

Arch Linux
lists.archlinux.org

EPSS: 0.028 (Low), percentile 90.7%

After reviewing RFC 6125 and RFC 5280, multiple violations were found in
how hostnames, and particularly wildcard certificates, were matched.

Ruby’s OpenSSL extension will now provide a string-based matching
algorithm which follows stricter behavior, as recommended by these
RFCs. In particular, matching of more than one wildcard per subject/SAN
is no longer allowed. Also, comparison of these values is now
case-insensitive.

This change affects the behavior of Ruby’s
OpenSSL::SSL#verify_certificate_identity.

Specifically:

  • Only one wildcard character in the left-most part of the hostname is
    allowed.
  • IDNA names can now only be matched by a simple wildcard (e.g.
    ‘*.domain’).
  • Subject/SAN should be limited to ASCII characters only.

Affected package:

OS   Version  Architecture  Package  Version     Filename
any  any      any           ruby     < 2.2.2-1   UNKNOWN
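As an added example (not Ruby's own OpenSSL extension code and not part of the advisory), the following Ruby method applies the rules listed above to a hostname and a certificate subject/SAN value: case-insensitive comparison, at most one wildcard and only in the left-most label, whole-label wildcards only for IDNA names, and ASCII-only values. Two details are assumptions not stated on the page: IDNA names are recognised by the `xn--` A-label prefix, and a wildcard pattern must carry at least two further labels so that it cannot cover an entire top-level domain.

```ruby
# Added example, not the implementation shipped in Ruby's OpenSSL extension.
# Returns true when `hostname` is covered by the certificate name `pattern`
# under the stricter rules described in the advisory.
def strict_hostname_match?(hostname, pattern)
  return false if hostname.empty? || pattern.empty?

  # Subject/SAN values are limited to ASCII; anything else is rejected.
  return false unless pattern.ascii_only? && hostname.ascii_only?

  # Comparison is case-insensitive, so normalise both sides first.
  host_labels = hostname.downcase.split('.', -1)
  pat_labels  = pattern.downcase.split('.', -1)

  # Empty labels (leading, trailing or doubled dots) are malformed.
  return false if host_labels.any?(&:empty?) || pat_labels.any?(&:empty?)

  # A wildcard covers exactly one label, so label counts must agree;
  # this is what stops "*.example.com" matching "a.b.example.com".
  return false unless host_labels.length == pat_labels.length

  wildcard_count = pattern.count('*')
  return host_labels == pat_labels if wildcard_count.zero?

  # Only one wildcard, and only in the left-most label.
  return false unless wildcard_count == 1 && pat_labels.first.include?('*')

  # Assumption (not on the page): a wildcard needs at least two labels to
  # its right, so "*.com" can never be a valid pattern.
  return false if pat_labels.length < 3

  # Every label except the left-most must match exactly.
  return false unless host_labels[1..-1] == pat_labels[1..-1]

  first_host = host_labels.first
  first_pat  = pat_labels.first

  # IDNA A-labels ("xn--", an assumption about how IDNA is recognised) may
  # only be matched by a simple whole-label wildcard, never by a partial
  # one such as "xn--*" or "f*".
  if first_host.start_with?('xn--') || first_pat.start_with?('xn--')
    return first_pat == '*'
  end

  # Partial wildcard in the left-most label, e.g. "foo*bar".
  prefix, suffix = first_pat.split('*', -1)
  first_host.length >= prefix.length + suffix.length &&
    first_host.start_with?(prefix) && first_host.end_with?(suffix)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample pairs of (hostname, certificate name).
  [
    ['www.example.com',          'WWW.Example.COM'],
    ['www.example.com',          '*.example.com'],
    ['a.b.example.com',          '*.example.com'],
    ['www.example.com',          '*.*.com'],
    ['www.example.com',          'www.*.com'],
    ['xn--nxasmq6b.example.com', '*.example.com'],
    ['xn--nxasmq6b.example.com', 'xn--*.example.com'],
    ['www.com',                  '*.com'],
  ].each do |host, pat|
    puts "#{pat.ljust(20)} vs #{host.ljust(26)} => #{strict_hostname_match?(host, pat)}"
  end
end
```

The method rejects the shapes the advisory calls out (two wildcards per name, a wildcard outside the left-most label, a partial wildcard against an `xn--` label, non-ASCII names) while still accepting the ordinary `*.example.com` case, which is the behaviour a client-side check should exhibit after this change.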