pub fn matches_domain(pattern: &str, hostname: &str) -> boolExpand description
Check whether a certificate DNS name pattern matches a hostname.
RFC 6125 Section 6.4.3 — wildcard matching rules:
- Only the leftmost label may be a wildcard:
*.example.comis valid,foo.*.example.comis NOT. - No partial wildcards:
f*.example.comis NOT allowed. - The wildcard does not match across label boundaries (dots):
*.example.commatchesfoo.example.combut NOTfoo.bar.example.com. - The wildcard MUST NOT match the empty string:
*.example.comdoes NOT matchexample.com.
RFC 6125 Section 6.4.1: comparison is case-insensitive (ASCII fold).
IDN/A-labels (punycode): both pattern and hostname are compared in their A-label (ASCII-compatible encoding) form. This function does not perform U-label to A-label conversion; callers must ensure both inputs use the same encoding.