Extracted from #13980.
|
fn checkHostName(host_name: []const u8, dns_name: []const u8) bool { |
|
if (mem.eql(u8, dns_name, host_name)) { |
|
return true; // exact match |
|
} |
|
|
|
if (mem.startsWith(u8, dns_name, "*.")) { |
|
// wildcard certificate, matches any subdomain |
|
// TODO: I think wildcards are not supposed to match any prefix but |
|
// only match exactly one subdomain. |
|
if (mem.endsWith(u8, host_name, dns_name[1..])) { |
|
// The host_name has a subdomain, but the important part matches. |
|
return true; |
|
} |
|
if (mem.eql(u8, dns_name[2..], host_name)) { |
|
// The host_name has no subdomain and matches exactly. |
|
return true; |
|
} |
|
} |
|
|
|
return false; |
|
} |
This allows any prefix for wildcard hosts but it should only allow anything for one level of subdomain.
For example, *.ziglang.org should match foo.ziglang.org but it should not match bar.foo.ziglang.org.
