



@deftypefun {int} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname})
@var{cert}: should contain an gnutls_x509_crt_t structure

@var{hostname}: A null terminated string that contains a DNS name

This function will check if the given certificate's subject matches
the given hostname.  This is a basic implementation of the matching
described in RFC2818 (HTTPS), which takes into account wildcards,
and the DNSName/IPAddress subject alternative name PKIX extension.

IPv4 addresses are accepted by this function in the dotted-decimal
format (e.g, ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal
x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative
name extension is consulted, as well as the DNSNames in case of a non-match.
The latter fallback exists due to misconfiguration of many servers
which place an IPAddress inside the DNSName extension.

Wildcards are only considered if the domain name consists of three
components or more.

The IPv4/v6 address comparison is since GnuTLS 3.2.16.

@strong{Returns:} non-zero for a successful match, and zero on failure.
@end deftypefun
