Method: OpenSSL::SSL.verify_wildcard

Defined in:
lib/openssl/ssl.rb

.verify_wildcard(domain_component, san_component) ⇒ Object

:nodoc:



# File 'lib/openssl/ssl.rb', line 379

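# Compares one label of the reference identifier (+domain_component+)
# against one label of a certificate's presented identifier
# (+san_component+), which may carry at most one "*" wildcard.
#
# Returns true when the labels match and false otherwise. The comparison
# is byte-wise and case-sensitive.
# NOTE(review): callers presumably lower-case both labels before calling;
# confirm, because the "xn--" test below only recognises a lower-case
# A-label prefix.
def verify_wildcard(domain_component, san_component) # :nodoc:
  # "".split("*", -1) returns [], which would fall through to
  # parts[0].length below and raise NoMethodError. Treat an empty
  # presented label as a non-match (fail closed) instead of crashing
  # in the middle of hostname verification.
  return false if san_component.empty?

  parts = san_component.split("*", -1)

  # Two or more wildcards in a single label are never accepted.
  return false if parts.size > 2
  # No wildcard at all: the labels must be identical.
  return san_component == domain_component if parts.size == 1

  # RFC 6125, section 6.4.3, subitem 3.
  # The client SHOULD NOT attempt to match a presented identifier
  # where the wildcard character is embedded within an A-label or
  # U-label of an internationalized domain name.
  return false if domain_component.start_with?("xn--") && san_component != "*"

  prefix, suffix = parts

  # The strict "<" makes the wildcard stand for at least one character
  # and keeps prefix and suffix from overlapping inside the label.
  prefix.length + suffix.length < domain_component.length &&
    domain_component.start_with?(prefix) &&
    domain_component.end_with?(suffix)
end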