Currently the route API documentation does not state explicitly that the host name is not checked when .spec.tls.destinationCACertificate is specified in a route manifest.

To address this issue the "Description" of the destinationCACertificate "Property" under .spec.tls section in this documentation page should be changed from:

destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.

to:

destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is specified, the router checks the validity of the final destination's server certificate against the provided ca certificate, but does not perform hostname validation. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.

    1.
    2.
    3.