From d4458162a4e1046b561b825aaf9a4464fe880f34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Tue, 11 Jan 2022 03:39:51 +0100 Subject: [PATCH] doc: correct checkHost behavior with wildcards etc The current documentation is inaccurate in that checkHost does not necessarily return the given host name, but instead returns the subject name that matched the given host name. Refs: https://github.com/nodejs/node/pull/36804 PR-URL: https://github.com/nodejs/node/pull/41468 Reviewed-By: Luigi Pinca Reviewed-By: Filip Skokan --- doc/api/crypto.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index c2800a5e3a9f82..bb0ae576511170 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -2498,11 +2498,17 @@ added: v15.6.0 * `partialWildcards` {boolean} **Default:** `true`. * `multiLabelWildcards` {boolean} **Default:** `false`. * `singleLabelSubdomains` {boolean} **Default:** `false`. -* Returns: {string|undefined} Returns `name` if the certificate matches, - `undefined` if it does not. +* Returns: {string|undefined} Returns a subject name that matches `name`, + or `undefined` if no subject name matches `name`. Checks whether the certificate matches the given host name. +If the certificate matches the given host name, the matching subject name is +returned. The returned name might be an exact match (e.g., `foo.example.com`) +or it might contain wildcards (e.g., `*.example.com`). Because host name +comparisons are case-insensitive, the returned subject name might also differ +from the given `name` in capitalization. + ### `x509.checkIP(ip[, options])`