fix: fix bug in hostname overlap detection

internal/gatewayapi/listener.go

@@ -408,10 +408,17 @@ func isOverlappingHostname(hostname1, hostname2 *gwapiv1.Hostname) bool {
 	if hostname1 == nil || hostname2 == nil {
 		return true
 	}
+	domain1 := strings.Replace(string(*hostname1), "*.", "", 1)
+	domain2 := strings.Replace(string(*hostname2), "*.", "", 1)
+	return isSubdomain(domain1, domain2) || isSubdomain(domain2, domain1)
+}
 
-	h1 := strings.Replace(string(*hostname1), "*.", "", 1)
-	h2 := strings.Replace(string(*hostname2), "*.", "", 1)
-	return strings.HasSuffix(h1, h2) || strings.HasSuffix(h2, h1)
+// isSubdomain checks if subDomain is a sub-domain of domain
+func isSubdomain(subDomain, domain string) bool {
+	if subDomain == domain {
+		return true
+	}
+	return strings.HasSuffix(subDomain, fmt.Sprintf(".%s", domain))
 }
 
 func buildListenerMetadata(listener *ListenerContext, gateway *GatewayContext) *ir.ResourceMetadata {

internal/gatewayapi/listener_test.go

@@ -174,6 +174,12 @@ func TestIsOverlappingHostname(t *testing.T) {
 			hostname2: ptr.To(gwapiv1.Hostname("*.test.com")),
 			want:      false,
 		},
+		{
+			name:      "different sub domains of same domain",
+			hostname1: ptr.To(gwapiv1.Hostname("api.foo.dev")),
+			hostname2: ptr.To(gwapiv1.Hostname("testing-api.foo.dev")),
+			want:      false,
+		},
 	}
 
 	for _, tt := range tests {

release-notes/current.yaml

@@ -31,6 +31,7 @@ bug fixes: |
   Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set in ClientTrafficPolicy.
   Fixed issue that switch on wrong SubjectAltNameType enum value in BackendTLSPolicy.
   Fixed issue that BackendTLSPolicy should not reference ConfigMap or Secret across namespace.
+  Fixed bug in certificate SANs overlap detection in listeners.
 
 # Enhancements that improve performance.
 performance improvements: |