Allow SANs for wildcards domain.

Wenxuan Zhao 2019-05-03 09:08:37 -07:00 committed by Traefiker Bot
parent 77b1933833
commit 1f2fe08c33
2 changed files with 4 additions and 10 deletions


@ -49,7 +49,7 @@ type Configuration struct {
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge"` DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge"`
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"` HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge"` TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge"`
Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge"` Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. Wildcard domains only accepted with DNSChallenge"`
} }
// Certificate is a struct which contains all data needed from an ACME certificate // Certificate is a struct which contains all data needed from an ACME certificate
@ -720,12 +720,6 @@ func (p *Provider) getValidDomains(ctx context.Context, domain types.Domain, wil
} }
} }
for _, san := range domain.SANs {
if strings.HasPrefix(san, "*") {
return nil, fmt.Errorf("unable to generate a certificate in ACME provider for domains %q: SAN %q can not be a wildcard domain", strings.Join(domains, ","), san)
}
}
var cleanDomains []string var cleanDomains []string
for _, domain := range domains { for _, domain := range domains {
canonicalDomain := types.CanonicalDomain(domain) canonicalDomain := types.CanonicalDomain(domain)
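Review bot: Deleting the SAN loop in getValidDomains leaves wildcard SANs with no gating that is visible in this hunk. The function starts above the hunk, so this is inferred: if the earlier checks only inspect `domain.Main`, an entry with a plain main domain and a SAN such as `*.acme.wtf` would now skip both the wildcard-allowed check and the DNS-01 requirement. The `Domains` description still promises that requirement ("Wildcard domains only accepted with DNSChallenge"). Rather than dropping the loop, keep it and apply the same two conditions to every wildcard SAN, so a wildcard name cannot be requested by a source that is not permitted to ask for one.

```go
// Assumes the parameter truncated to "wil…" in the hunk header is wildcardAllowed
// and that p exposes the DNSChallenge setting; confirm against the full function.
for _, san := range domain.SANs {
	if !strings.HasPrefix(san, "*") {
		continue
	}
	if !wildcardAllowed {
		return nil, fmt.Errorf("unable to generate a certificate in ACME provider for domains %q: wildcard SAN %q is not allowed here", strings.Join(domains, ","), san)
	}
	if p.DNSChallenge == nil {
		return nil, fmt.Errorf("unable to generate a certificate in ACME provider for domains %q: wildcard SAN %q needs a DNSChallenge", strings.Join(domains, ","), san)
	}
}
// … unchanged: cleanDomains canonicalisation loop …
```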


@ -243,12 +243,12 @@ func TestGetValidDomain(t *testing.T) {
expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"}, expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
}, },
{ {
desc: "unexpected SANs", desc: "wildcard SANs",
domains: types.Domain{Main: "*.traefik.wtf", SANs: []string{"*.acme.wtf"}}, domains: types.Domain{Main: "*.traefik.wtf", SANs: []string{"*.acme.wtf"}},
dnsChallenge: &DNSChallenge{}, dnsChallenge: &DNSChallenge{},
wildcardAllowed: true, wildcardAllowed: true,
expectedErr: "unable to generate a certificate in ACME provider for domains \"*.traefik.wtf,*.acme.wtf\": SAN \"*.acme.wtf\" can not be a wildcard domain", expectedErr: "",
expectedDomains: nil, expectedDomains: []string{"*.traefik.wtf", "*.acme.wtf"},
}, },
} }
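Review bot: The rewritten "wildcard SANs" case in TestGetValidDomain only covers the permissive path, with a wildcard main domain, `dnsChallenge: &DNSChallenge{}` and `wildcardAllowed: true`. Nothing in the visible table pins what happens when the wildcard appears only in the SANs and the guards are off. Add constructed cases such as `domains: types.Domain{Main: "traefik.wtf", SANs: []string{"*.acme.wtf"}}` with `dnsChallenge: nil`, and the same domains with `wildcardAllowed: false`, each expecting an error. Without them a wildcard certificate request that bypasses the DNS-01 requirement would pass the suite unnoticed. The table starts above this hunk, so an existing case may already cover part of this.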