Last SAN optimations

2025-08-29 15:06:26 +02:00 · 2025-04-29 06:37:12 +02:00
parent d38d4204f8
commit 90f9d97c54
2 changed files with 12 additions and 12 deletions
--- a/module_utils/cert_utils.py
+++ b/module_utils/cert_utils.py
@@ -47,20 +47,16 @@ class CertUtils:

    @staticmethod
    def matches(domain, san):
+        """RFC compliant SAN matching."""
        if san.startswith('*.'):
            base = san[2:]
-            # Wildcard does NOT cover the base domain itself
+            # Wildcard matches ONLY one additional label
            if domain == base:
                return False
-            if domain.endswith('.' + base):
-                # Check if the domain has exactly one label more than the base
-                domain_labels = domain.split('.')
-                base_labels = base.split('.')
-                if len(domain_labels) == len(base_labels) + 1:
-                    return True
+            if domain.endswith('.' + base) and domain.count('.') == base.count('.') + 1:
+                return True
            return False
        else:
-            # Exact match required for non-wildcard SAN entries
            return domain == san