Sample code for 30+ languages & platforms
Node.js

HTTPS Server Certificate Require Hostname Match

See more HTTP Examples

Demonstrates and explains the RequireHostnameMatch property.

Chilkat Node.js Downloads

Node.js
NODEJS_PRELUDE

function chilkatExample() {

    //  The RequireHostnameMatch property was added in Chilkat v11.0.0
    //  to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names)
    //  
    //  In actuality, it is the SNI hostname that must match.  If the SNI hostname is not explicitly set,
    //  then Chilkat uses the hostname from the URL as the SNI hostname.

    //  Here's an example using chilkatsoft.com
    //  The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names:
    //  
    //  1) DNS Name: *.chilkatsoft.com
    //  2) DNS Name: chilkatsoft.com
    //  
    //  See Explaining the SNI Hostname in TLS

    var http = new chilkat.Http();

    http.RequireHostnameMatch = true;

    //  This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com"
    var html = http.QuickGetStr("https://www.chilkatsoft.com/helloWorld.html");
    console.log("1) Succeeded: " + http.LastMethodSuccess);

    //  At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47
    //  If we send the request using the IP address, it will fail because the IP address is does 
    //  not match any of the SAN entries in the server certificate.
    html = http.QuickGetStr("https://3.101.18.47/helloWorld.html");
    console.log("2) Succeeded: " + http.LastMethodSuccess);

    //  However, it will succeed if we explicitly set the SNI hostname.
    http.SniHostname = "www.chilkatsoft.com";
    html = http.QuickGetStr("https://3.101.18.47/helloWorld.html");
    console.log("3) Succeeded: " + http.LastMethodSuccess);

    //  Remove our explicit SNI hostname.
    http.SniHostname = "";

    //  Now let's try wrong.host.badssl.com
    //  The SSL server certificate for badssl.com has 2 Subject Alternative Names:
    //  
    //  1) DNS Name: *.badssl.com
    //  2) DNS Name: badssl.com

    //  The domain wrong.host.badssl.com will fail the RequireHostnameMatch because
    //  the wildcarded domain SAN entry only extends 1 level deep.  
    html = http.QuickGetStr("https://wrong.host.badssl.com/");
    console.log("4) Succeeded: " + http.LastMethodSuccess);

    //  The expected output is:
    //  1) Succeeded: True
    //  2) Succeeded: False
    //  3) Succeeded: True
    //  4) Succeeded: False

}

chilkatExample();