From 5c0c459976602a751cf4f5b1d7256091638cd25f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Tue, 11 Jan 2022 03:39:51 +0100 Subject: [PATCH] doc: correct checkHost behavior with wildcards etc The current documentation is inaccurate in that checkHost does not necessarily return the given host name, but instead returns the subject name that matched the given host name. Refs: https://github.com/nodejs/node/pull/36804 PR-URL: https://github.com/nodejs/node/pull/41468 Reviewed-By: Luigi Pinca Reviewed-By: Filip Skokan --- doc/api/crypto.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 1899594504abb8..1b390dc12af497 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -2498,11 +2498,17 @@ added: v15.6.0 * `partialWildcards` {boolean} **Default:** `true`. * `multiLabelWildcards` {boolean} **Default:** `false`. * `singleLabelSubdomains` {boolean} **Default:** `false`. -* Returns: {string|undefined} Returns `name` if the certificate matches, - `undefined` if it does not. +* Returns: {string|undefined} Returns a subject name that matches `name`, + or `undefined` if no subject name matches `name`. Checks whether the certificate matches the given host name. +If the certificate matches the given host name, the matching subject name is +returned. The returned name might be an exact match (e.g., `foo.example.com`) +or it might contain wildcards (e.g., `*.example.com`). Because host name +comparisons are case-insensitive, the returned subject name might also differ +from the given `name` in capitalization. + ### `x509.checkIP(ip[, options])`