Merge branch 'dev' of https://github.com/projectdiscovery/tlsx into dev

Author: ehsandeep

pkg/tlsx/clients/clients.go

@@ -360,13 +360,13 @@ func IsMisMatchedCert(host string, alternativeNames []string) bool {
 						// match leftmost token
 						matched = matchWildCardToken(token, hostTokens[i])
 						if !matched {
-							return true
+							break
 						}
 					} else {
 						// match all other tokens
 						matched = stringsutil.EqualFoldAny(token, hostTokens[i])
 						if !matched {
-							return true
+							break
 						}
 					}
 				}

pkg/tlsx/clients/clients_test.go

@@ -10,8 +10,8 @@ import (
 
 func TestIsMisMatchedCert(t *testing.T) {
 	type args struct {
-		host  string
-		names []string
+		host  string   // actual host name
+		names []string // cert names + alternate names
 	}
 
 	tests := []struct {
@@ -28,6 +28,10 @@ func TestIsMisMatchedCert(t *testing.T) {
 		{args{host: "foobaz.example.net", names: []string{"*baz.example.net"}}, false},
 		{args{host: "buzz.example.net", names: []string{"b*z.example.net"}}, false},
 
+		// multilevel domains
+		{args{host: "xyz.subdomain.target.com", names: []string{"*.target.com"}}, true},
+		{args{host: "xyz.subdomain.target.com", names: []string{"*.subdomain.target.com"}}, false},
+
 		// negative scenarios
 		{args{host: "bar.foo.example.net", names: []string{"*.example.net"}}, true},
 		{args{host: "target.com", names: []string{"other-target.com"}}, true},