cybercyst/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-05-29 19:11:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow SANs for wildcards domain. (#4821)

Browse Source
This commit is contained in:
Wenxuan Zhao 2019-05-03 09:08:37 -07:00 committed by Ludovic Fernandez
parent 4106cf647b
commit cc130fb673
6 changed files with 10 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CONTRIBUTING.md
View File

@ -158,7 +158,7 @@ Integration tests must be run from the `integration/` directory and require the
## Documentation ## Documentation
The [documentation site](http://docs.traefik.io/) is built with [mkdocs](http://mkdocs.org/) The [documentation site](https://docs.traefik.io/) is built with [mkdocs](https://mkdocs.org/)
### Building Documentation ### Building Documentation

6
acme/acme.go
View File

@ -751,12 +751,6 @@ func (a *ACME) getValidDomains(domains []string, wildcardAllowed bool) ([]string
return nil, fmt.Errorf("unable to generate a wildcard certificate for domain %q : ACME does not allow '*.*' wildcard domain", strings.Join(domains, ",")) return nil, fmt.Errorf("unable to generate a wildcard certificate for domain %q : ACME does not allow '*.*' wildcard domain", strings.Join(domains, ","))
} }
} }
for _, san := range domains[1:] {
if strings.HasPrefix(san, "*") {
return nil, fmt.Errorf("unable to generate a certificate for domains %q: SANs can not be a wildcard domain", strings.Join(domains, ","))
}
}
domains = fun.Map(types.CanonicalDomain, domains).([]string) domains = fun.Map(types.CanonicalDomain, domains).([]string)
return domains, nil return domains, nil

6
acme/acme_test.go
View File

@ -419,12 +419,12 @@ func TestAcme_getValidDomain(t *testing.T) {
expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"}, expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
}, },
{ {
desc: "unexpected SANs", desc: "wildcard SANs",
domains: []string{"*.traefik.wtf", "*.acme.wtf"}, domains: []string{"*.traefik.wtf", "*.acme.wtf"},
dnsChallenge: &acmeprovider.DNSChallenge{}, dnsChallenge: &acmeprovider.DNSChallenge{},
wildcardAllowed: true, wildcardAllowed: true,
expectedErr: "unable to generate a certificate for domains \"*.traefik.wtf,*.acme.wtf\": SANs can not be a wildcard domain", expectedErr: "",
expectedDomains: nil, expectedDomains: []string{"*.traefik.wtf", "*.acme.wtf"},
}, },
} }
for _, test := range testCases { for _, test := range testCases {

4
docs/theme/partials/footer.html vendored
View File

@ -88,9 +88,9 @@
</div> </div>
{% endif %} {% endif %}
powered by powered by
<a href="http://www.mkdocs.org" title="MkDocs">MkDocs</a> <a href="https://www.mkdocs.org" title="MkDocs">MkDocs</a>
and and
<a href="http://squidfunk.github.io/mkdocs-material/" <a href="https://squidfunk.github.io/mkdocs-material/"
title="Material for MkDocs"> title="Material for MkDocs">
Material for MkDocs</a> Material for MkDocs</a>
</div> </div>

8
provider/acme/provider.go
View File

@ -49,7 +49,7 @@ type Configuration struct {
DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge"` DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge"`
HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"` HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge"` TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge"`
Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge"` Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. Wildcard domains only accepted with DNSChallenge"`
} }
// Provider holds configurations of the provider. // Provider holds configurations of the provider.
@ -756,12 +756,6 @@ func (p *Provider) getValidDomains(domain types.Domain, wildcardAllowed bool) ([
} }
} }
for _, san := range domain.SANs {
if strings.HasPrefix(san, "*") {
return nil, fmt.Errorf("unable to generate a certificate in ACME provider for domains %q: SAN %q can not be a wildcard domain", strings.Join(domains, ","), san)
}
}
var cleanDomains []string var cleanDomains []string
for _, domain := range domains { for _, domain := range domains {
canonicalDomain := types.CanonicalDomain(domain) canonicalDomain := types.CanonicalDomain(domain)

6
provider/acme/provider_test.go
View File

@ -267,12 +267,12 @@ func TestGetValidDomain(t *testing.T) {
expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"}, expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
}, },
{ {
desc: "unexpected SANs", desc: "wildcard SANs",
domains: types.Domain{Main: "*.traefik.wtf", SANs: []string{"*.acme.wtf"}}, domains: types.Domain{Main: "*.traefik.wtf", SANs: []string{"*.acme.wtf"}},
dnsChallenge: &DNSChallenge{}, dnsChallenge: &DNSChallenge{},
wildcardAllowed: true, wildcardAllowed: true,
expectedErr: "unable to generate a certificate in ACME provider for domains \"*.traefik.wtf,*.acme.wtf\": SAN \"*.acme.wtf\" can not be a wildcard domain", expectedErr: "",
expectedDomains: nil, expectedDomains: []string{"*.traefik.wtf", "*.acme.wtf"},
}, },
} }