DNS SAN matching does not handle wildcards in split patterns that Envoy does #12326
Description
Noticed some difference in the way Subject Alternative Name (SAN) validation is done in Envoy vs gRPC Java. Envoy creates different types of matchers depending on StringMatcher . For DNS exact matching it uses DnsSanMatcher and for others like prefix and suffix matching it creates StringSanMatcher. The matching done by DnsSanMatcher includes handling for wildcards in split patterns, whereas gRPC only does string comparison.
gRPC code should be made to handle wildcards in split patterns for Dns Exact match, and then for other matching types (prefix, suffix, etc) to match envoy's StringSanMatcher's capabilities. Here also gRPC does simple prefix/suffix test on strings whereas Envoy uses a matcher which can allow more broader matching.