From 3bad5b6bb595b09c14bd86ff0b365d302faaf5e2 Mon Sep 17 00:00:00 2001
From: Nick Ubels <nickubels@gmail.com>
Date: Sat, 10 Aug 2024 02:24:33 +0200
Subject: [PATCH] Check for .internal with SubjectIsInternal (#305)

---
 certificates.go      | 1 +
 certificates_test.go | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/certificates.go b/certificates.go
index 2bdc07bd..2965712a 100644
--- a/certificates.go
+++ b/certificates.go
@@ -553,6 +553,7 @@ func SubjectIsInternal(subj string) bool {
 	return subj == "localhost" ||
 		strings.HasSuffix(subj, ".localhost") ||
 		strings.HasSuffix(subj, ".local") ||
+		strings.HasSuffix(subj, ".internal") ||
 		strings.HasSuffix(subj, ".home.arpa") ||
 		isInternalIP(subj)
 }
diff --git a/certificates_test.go b/certificates_test.go
index 12221dd5..f8ecc3df 100644
--- a/certificates_test.go
+++ b/certificates_test.go
@@ -163,6 +163,8 @@ func TestSubjectQualifiesForPublicCert(t *testing.T) {
 		{"local", true},
 		{"foo.local", false},
 		{"foo.bar.local", false},
+		{"foo.internal", false},
+		{"foo.bar.internal", false},
 		{"foo.home.arpa", false},
 		{"foo.bar.home.arpa", false},
 		{"192.168.1.3", false},