Skip to main content
X509Certificate.prototype.checkHost - crypto - Node documentation
method X509Certificate.prototype.checkHost

Usage in Deno

import { X509Certificate } from "node:crypto";
X509Certificate.prototype.checkHost(
name: string,
options?: X509CheckOptions,
): string | undefined

Checks whether the certificate matches the given host name.

If the certificate matches the given host name, the matching subject name is returned. The returned name might be an exact match (e.g., foo.example.com) or it might contain wildcards (e.g., *.example.com). Because host name comparisons are case-insensitive, the returned subject name might also differ from the given name in capitalization.

If the 'subject' option is undefined or set to 'default', the certificate subject is only considered if the subject alternative name extension either does not exist or does not contain any DNS names. This behavior is consistent with RFC 2818 ("HTTP Over TLS").

If the 'subject' option is set to 'always' and if the subject alternative name extension either does not exist or does not contain a matching DNS name, the certificate subject is considered.

If the 'subject' option is set to 'never', the certificate subject is never considered, even if the certificate contains no subject alternative names.

Parameters

name: string
optional
options: X509CheckOptions

Return Type

string | undefined

Returns a subject name that matches name, or undefined if no subject name matches name.