Allow SANs for wildcards domain.
parent
77b1933833
commit
1f2fe08c33
2 changed files with 4 additions and 10 deletions
|
@ -49,7 +49,7 @@ type Configuration struct {
|
||||||
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge"`
|
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge"`
|
||||||
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
|
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
|
||||||
TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge"`
|
TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge"`
|
||||||
Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge"`
|
Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. Wildcard domains only accepted with DNSChallenge"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Certificate is a struct which contains all data needed from an ACME certificate
|
// Certificate is a struct which contains all data needed from an ACME certificate
|
||||||
|
@ -720,12 +720,6 @@ func (p *Provider) getValidDomains(ctx context.Context, domain types.Domain, wil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, san := range domain.SANs {
|
|
||||||
if strings.HasPrefix(san, "*") {
|
|
||||||
return nil, fmt.Errorf("unable to generate a certificate in ACME provider for domains %q: SAN %q can not be a wildcard domain", strings.Join(domains, ","), san)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
var cleanDomains []string
|
var cleanDomains []string
|
||||||
for _, domain := range domains {
|
for _, domain := range domains {
|
||||||
canonicalDomain := types.CanonicalDomain(domain)
|
canonicalDomain := types.CanonicalDomain(domain)
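Review bot: With the SAN loop removed, nothing visible in this hunk checks a wildcard SAN against the wildcard policy before the names reach the `cleanDomains` loop. The `Domains` description still states "Wildcard domains only accepted with DNSChallenge", so if the checks that close just above this hunk inspect only `domain.Main`, a domain with a plain main name and a SAN such as `*.acme.wtf` would be requested without the DNS-01 and wildcard-allowed conditions being enforced. I would apply those conditions to every name rather than to the main one only, e.g. `for _, d := range domains { if strings.HasPrefix(d, "*") { /* same wildcardAllowed / DNSChallenge checks as for Main */ } }`. getValidDomains starts and ends outside the hunk, so the preceding checks could not be confirmed from here.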
|
||||||
|
|
|
@ -243,12 +243,12 @@ func TestGetValidDomain(t *testing.T) {
|
||||||
expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
|
expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
desc: "unexpected SANs",
|
desc: "wildcard SANs",
|
||||||
domains: types.Domain{Main: "*.traefik.wtf", SANs: []string{"*.acme.wtf"}},
|
domains: types.Domain{Main: "*.traefik.wtf", SANs: []string{"*.acme.wtf"}},
|
||||||
dnsChallenge: &DNSChallenge{},
|
dnsChallenge: &DNSChallenge{},
|
||||||
wildcardAllowed: true,
|
wildcardAllowed: true,
|
||||||
expectedErr: "unable to generate a certificate in ACME provider for domains \"*.traefik.wtf,*.acme.wtf\": SAN \"*.acme.wtf\" can not be a wildcard domain",
|
expectedErr: "",
|
||||||
expectedDomains: nil,
|
expectedDomains: []string{"*.traefik.wtf", "*.acme.wtf"},
|
||||||
},
|
},
|
||||||
}
|
}
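Review bot: The only wildcard-SAN case covered is the permissive one (wildcard main, `dnsChallenge: &DNSChallenge{}`, `wildcardAllowed: true`); no case pins what happens when the wildcard appears only in the SANs. I would add cases using `domains: types.Domain{Main: "traefik.wtf", SANs: []string{"*.acme.wtf"}}`, one with `dnsChallenge: nil` and one with `wildcardAllowed: false`, each expecting a non-empty `expectedErr`, so the DNS-01 requirement for wildcard names is shown to hold for SANs as well. The test table starts outside the hunk, so existing cases of that shape could not be ruled out.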
|
||||||
|
|
||||||
|
|