Diffstat (limited to 'solve_tls.go')
-rw-r--r--solve_tls.go15
1 files changed, 9 insertions, 6 deletions
diff --git a/solve_tls.go b/solve_tls.go
index 97a0ede..876a39a 100644
--- a/solve_tls.go
+++ b/solve_tls.go
@@ -33,7 +33,7 @@ func NewTLSSolver(addr string) Solver {
return s
}
-func newCert(keyAuth string) (tls.Certificate, error) {
+func newCert(domain string) (tls.Certificate, error) {
fail := func(err error) (tls.Certificate, error) {
return tls.Certificate{}, err
}
@@ -46,9 +46,6 @@ func newCert(keyAuth string) (tls.Certificate, error) {
if err != nil {
return fail(err)
}
- hash := sha256.Sum256([]byte(keyAuth))
- z := hex.EncodeToString(hash[:])
- name := z[:32] + "." + z[32:] + tlsSuffix
tmpl := x509.Certificate{
SerialNumber: serial,
Subject: pkix.Name{
@@ -60,7 +57,7 @@ func newCert(keyAuth string) (tls.Certificate, error) {
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
SignatureAlgorithm: x509.SHA256WithRSA,
- DNSNames: []string{name},
+ DNSNames: []string{domain},
}
crt, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
if err != nil {
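Review bot: `DNSNames: []string{domain}` now puts whatever string the caller passes into a self-signed certificate (`&tmpl` is both template and parent in the `CreateCertificate` call), and nothing in newCert checks or documents what that string may be. The only caller visible in this diff passes `sniName(keyAuth)`, so the generalization is harmless today, but a doc comment should pin the intent: `// newCert returns a throwaway self-signed certificate whose only SAN is domain; it is meant for challenge names, not for names the server really serves.` newCert starts and ends outside this hunk, so any validation it already does on other fields is not visible here.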
@@ -72,9 +69,15 @@ func newCert(keyAuth string) (tls.Certificate, error) {
}, nil
}
+func sniName(keyAuth string) string {
+ hash := sha256.Sum256([]byte(keyAuth))
+ z := hex.EncodeToString(hash[:])
+ return z[:32] + "." + z[32:] + tlsSuffix
+}
+
func (s *tlsSolver) Solve(_, keyAuth string) error {
log.Println("solve tls")
- crt, err := newCert(keyAuth)
+ crt, err := newCert(sniName(keyAuth))
if err != nil {
return err
}
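Review bot: sniName has no comment, and the slicing `z[:32] + "." + z[32:]` reads as arbitrary without one; it is safe only because a hex-encoded SHA-256 digest is always 64 characters. I would add `// sniName returns the challenge host name for keyAuth: the hex SHA-256 digest split into two 32-character labels, followed by tlsSuffix.` The derivation looks like ACME tls-sni-01 (inferred, since tlsSuffix is defined outside this diff); if so, that challenge type was retired by public CAs such as Let's Encrypt over validation weaknesses on shared hosting, so the comment should also say which CA this solver is expected to work against. Solve's body continues past the end of the hunk.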