From 84527e3963abf63ebad9e66136b4966a2be86694 Mon Sep 17 00:00:00 2001
From: Floris
Date: Wed, 23 Apr 2025 14:13:29 +0200
Subject: [PATCH 1/2] A wildcard certificate does not cover the root domain
---
 src/SslCertificate.php | 4 ++++
 tests/SslCertificateTest.php | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/SslCertificate.php b/src/SslCertificate.php
index 345d031..8529447 100644
--- a/src/SslCertificate.php
+++ b/src/SslCertificate.php
@@ -270,6 +270,10 @@ protected function wildcardHostCoversHost(string $wildcardHost, string $host): b
 $hostWithDottedPrefix = ".{$host}";
+ if ($wildcardHostWithoutWildcard === $hostWithDottedPrefix) {
+ return false;
+ }
+
 return ends_with($hostWithDottedPrefix, $wildcardHostWithoutWildcard);
 }
diff --git a/tests/SslCertificateTest.php b/tests/SslCertificateTest.php
index 5a794a8..7926bb7 100644
--- a/tests/SslCertificateTest.php
+++ b/tests/SslCertificateTest.php
@@ -120,7 +120,7 @@
 ->and($this->certificate->isValid('another.spatie.be'))->toBeFalse()
 ->and($this->certificate->isValid('www.another.spatie.be'))->toBeFalse()
 ->and($this->certificate->isValid('another.www.another.spatie.be'))->toBeFalse()
- ->and($this->certificate->isValid('otherdomain.com'))->toBeTrue()
+ ->and($this->certificate->isValid('otherdomain.com'))->toBeFalse()
 ->and($this->certificate->isValid('www.otherdomain.com'))->toBeTrue()
 ->and($this->certificate->isValid('another.otherdomain.com'))->toBeTrue()
 ->and($this->certificate->isValid('www.another.otherdomain.com'))->toBeFalse()
From 844d06e6a2c447ab989304e9f73f410882450cf0 Mon Sep 17 00:00:00 2001
From: Floris
Date: Wed, 23 Apr 2025 14:13:42 +0200
Subject: [PATCH 2/2] Add additional testcase
---
 tests/SslCertificateTest.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/SslCertificateTest.php b/tests/SslCertificateTest.php
index 7926bb7..7e17251 100644
--- a/tests/SslCertificateTest.php
+++ b/tests/SslCertificateTest.php
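Review bot: In `wildcardHostCoversHost` (src/SslCertificate.php, patch 1/2) the added guard rejects only the exact apex string, so a host with an empty left-most label such as `.otherdomain.com` would still pass the `ends_with` suffix test, unless a check earlier in the function, which starts outside this hunk, already rejects it. A wildcard should stand for exactly one non-empty label, so that shape is worth rejecting next to the new guard, for example `if ($host === '' || $host[0] === '.') { return false; }`. Whether `ends_with` compares case-sensitively is not visible here; if it does not, the byte-exact `===` in the guard could be skipped by a differently-cased apex name, so comparing lower-cased values in both places would keep the two checks consistent. A short comment above the guard saying that `*.example.com` covers one label below `example.com` and never `example.com` itself would record why the early return exists.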
@@ -130,6 +130,11 @@
 ->and($this->certificate->isValid('www.spatie.be.facebook.com'))->toBeFalse();
 });
+it('determines that a wildcard certificate is not valid for a root domain', function () {
+ expect($this->certificate->appliesToUrl('another.otherdomain.com'))->toBeTrue()
+ ->and($this->certificate->appliesToUrl('otherdomain.com'))->toBeFalse();
+});
+
 it('can create an instance for the given host', function () {
 $downloadedCertificate = SslCertificate::createForHostName('spatie.be');
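Review bot: The new test pins only the rejecting direction for an apex name; nothing in it checks that an apex listed as its own certificate name is still accepted, which is the case a later widening of the guard could break. If the fixture certificate names `spatie.be` explicitly (not visible in this hunk), adding `->and($this->certificate->appliesToUrl('spatie.be'))->toBeTrue()` to the chain would cover it. The `otherdomain.com` assertion also repeats the `isValid` expectation changed in patch 1/2, so a comment saying this test targets `appliesToUrl` specifically would make the overlap intentional.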