@deftypefun {unsigned} {gnutls_x509_crt_check_hostname2} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}, unsigned int @var{flags})

@var{cert}: should contain an gnutls_x509_crt_t type

@var{hostname}: A null terminated string that contains a DNS name

@var{flags}: gnutls_certificate_verify_flags

This function will check if the given certificate's subject matches

the given hostname.  This is a basic implementation of the matching

described in RFC6125, and takes into account wildcards,

and the DNSName/IPAddress subject alternative name PKIX extension.

IPv4 addresses are accepted by this function in the dotted-decimal

format (e.g, ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal

x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative

name extension is consulted. Previous versions to 3.6.0 of GnuTLS

in case of a non-match would consult (in a non-standard extension)

the DNSname and CN fields. This is no longer the case.

When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS}  is specified no

wildcards are considered. Otherwise they are only considered if the

domain name consists of three components or more, and the wildcard

starts at the leftmost position.

When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES}  is specified,

the input will be treated as a DNS name, and matching of textual IP addresses

against the IPAddress part of the alternative name will not be allowed.

The function @code{gnutls_x509_crt_check_ip()}  is available for matching

IP addresses.

@strong{Returns:} non-zero for a successful match, and zero on failure.

@strong{Since:} 3.3.0

@end deftypefun