From 6f2c1ec5ba7077e0945fa94f5569ddda126789d4 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 30 Oct 2019 08:34:54 +0000
Subject: [PATCH] bugfix domain fronting check
---
https-middleware.js | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/https-middleware.js b/https-middleware.js
index 8d45d76..45c7cb5 100644
--- a/https-middleware.js
+++ b/https-middleware.js
@@ -111,14 +111,20 @@ SanitizeHost._checkServername = function(safeHost, tlsSocket) {
 // TODO optimize / cache?
 // *should* always have a string, right?
 // *should* always be lowercase already, right?
- if (
- (cert.subject.CN || "").toLowerCase() !== safeHost &&
- !(cert.subjectaltname || "").split(/,\s+/).some(function(name) {
- // always prefixed with "DNS:"
- return safeHost === name.slice(4).toLowerCase();
- })
- ) {
- return false;
+ //console.log(safeHost, cert.subject.CN, cert.subjectaltname);
+ var isSubject = (cert.subject.CN || "").toLowerCase() === safeHost;
+ if (isSubject) {
+ return true;
+ }
+
+ var dnsnames = (cert.subjectaltname || "").split(/,\s+/);
+ var inSanList = dnsnames.some(function(name) {
+ // always prefixed with "DNS:"
+ return safeHost === name.slice(4).toLowerCase();
+ });
+
+ if (isListed) {
+ return true;
 }
 } catch (e) {
 // not sure what else to do in this situation...
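Review bot: `isListed` in the added `if (isListed) {` is never declared. The `some()` result just above it is stored in `inSanList`, so whenever the CN does not equal `safeHost` this line throws a ReferenceError into the `catch (e)` below and the SAN result is never used. The verdict for SAN-only hosts and for mismatched hosts then depends entirely on the catch body, which is outside the hunk; for a domain-fronting check that path should fail closed. Rename the test to `if (inSanList) {`. The old explicit `return false;` on mismatch is also removed with no visible replacement, so unless the code after the `try` block (not shown) already rejects, add `return false;` right after the closing brace of that `if`.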