author | Mike Crute <mike@crute.us> | 2023-08-01 18:08:06 -0700 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2023-08-01 18:08:06 -0700 |
commit | b29262b0a5384246b04764488869d1fbc81e2d1a (patch) | |
tree | e9ab240586b17029cd7c57dfe8431be83dd937ab | |
parent | 3bd6b5f3ea7e4b2a6039b8cc3f4d89332303e521 (diff) | |
clients/autocert: default hostname if none in SNIclients/autocert/v2.1.0
-rw-r--r-- | clients/autocert/autocert_wrapper.go | 17 |
1 files changed, 17 insertions, 0 deletions
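--- a/clients/autocert/autocert_wrapper.go
+++ b/clients/autocert/autocert_wrapper.go
@@ -2,6 +2,7 @@ package autocert
 
 import (
 	"context"
+	"crypto/tls"
 	"sync"
 
 	"code.crute.us/mcrute/golib/clients/dns"
@@ -23,6 +24,7 @@ type AutocertWrapper struct {
 	*autocert.Manager
 	hostList *glautocert.ACMEHostList
 	primingNotify chan string
+	primaryHost string
 }
 
 func MustNewAutocertWrapper(ctx context.Context, c AutocertConfig) *AutocertWrapper {
@@ -38,6 +40,7 @@ func NewAutocertWrapper(ctx context.Context, c AutocertConfig) (*AutocertWrapper
 	return &AutocertWrapper{
 		hostList: hostList,
 		primingNotify: make(chan string, 10),
+		primaryHost: c.Hosts[0],
 		Manager: &autocert.Manager{
 			Cache: autocert.DirCache("ssl/"),
 			Prompt: autocert.AcceptTOS,
@@ -52,6 +55,20 @@ func NewAutocertWrapper(ctx context.Context, c AutocertConfig) (*AutocertWrapper
 	}, nil
 }
 
+func (w *AutocertWrapper) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	h := *hello
+
+	// Override a blank SNI ServerName with the first host in the allowed
+	// host list rather than erroring out. This allows users to hit the
+	// server by IP and use a Host header while still getting content and
+	// is consistent with nginx behavior.
+	if h.ServerName == "" {
+		h.ServerName = w.primaryHost
+	}
+
+	return w.Manager.GetCertificate(&h)
+}
+
 func (w *AutocertWrapper) PrimeCache() error {
 	return w.hostList.PrimeCache(w.Manager, w.primingNotify)
 }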
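Review bot: `primaryHost: c.Hosts[0]` in the NewAutocertWrapper hunk indexes the host list unconditionally, so an empty `Hosts` now makes the constructor panic with an index-out-of-range instead of returning its error value; unless an earlier part of NewAutocertWrapper (its start is outside the hunk) already rejects an empty list, add a guard before the struct literal such as `if len(c.Hosts) == 0 { return nil, errors.New("autocert: at least one host is required") }` (this needs `errors` in the import block, which is only partly visible). Separately, the new `GetCertificate` is a wrapper method that shadows the promoted `Manager.GetCertificate`, so the blank-SNI fallback only applies where callers wire `w.GetCertificate` into their `tls.Config`; anything built from the embedded manager directly — for example a `tls.Config` obtained from `w.Manager.TLSConfig()` — presumably still hits the manager's own handler and keeps erroring on missing SNI, which is worth stating in a doc comment on the method, e.g. `// GetCertificate wraps Manager.GetCertificate, substituting the first configured host when the client sent no SNI; use this method, not the embedded Manager's, when building a tls.Config.` Note also that the fallback hands out the primary host's certificate to any client that omits SNI, which is the intended nginx-like behaviour but should be a conscious choice when the same listener fronts multiple hostnames.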