Merge pull request #1227 from dtomcej/tighter-regex

Tighten regex match for wildcard certs [Addendum to #1018]
This commit is contained in:
Emile Vauge 2017-03-07 16:59:52 +01:00 committed by GitHub
commit dae28f7f17

View file

@ -330,7 +330,7 @@ func (a *ACME) getCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificat
account := a.store.Get().(*Account) account := a.store.Get().(*Account)
//use regex to test for wildcard certs that might have been added into TLSConfig //use regex to test for wildcard certs that might have been added into TLSConfig
for k := range a.TLSConfig.NameToCertificate { for k := range a.TLSConfig.NameToCertificate {
selector := "^" + strings.Replace(k, "*.", ".*\\.?", -1) + "$" selector := "^" + strings.Replace(k, "*.", "[^\\.]*\\.?", -1) + "$"
match, _ := regexp.MatchString(selector, domain) match, _ := regexp.MatchString(selector, domain)
if match { if match {
return a.TLSConfig.NameToCertificate[k], nil return a.TLSConfig.NameToCertificate[k], nil