authorDimitri Sokolyuk <demon@dim13.org>2016-04-04 12:27:58 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-04-04 12:27:58 +0200
commit07cc573c5d98ea93e65ad88da3c51be8f0137f88 (patch)
treece306840a68c143f51a05e6f220fa40f3fb83f7c
parentfec14a48822be00b2c3f9422b094b3108c72baa2 (diff)
Populate SNI with addresses from Cert
-rw-r--r--server.go22
1 files changed, 15 insertions, 7 deletions
diff --git a/server.go b/server.go
index e1618db..3437590 100644
--- a/server.go
+++ b/server.go
@@ -2,8 +2,8 @@ package goxy
import (
"crypto/tls"
+ "crypto/x509"
"fmt"
- "net"
"net/http"
"net/http/httputil"
"net/url"
@@ -29,16 +29,24 @@ func (s SNI) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
return nil, fmt.Errorf("no cert for %q", h.ServerName)
}
-func (s SNI) addCertificate(host string, cert, key []byte) error {
+func (s SNI) addCertificate(cert, key []byte) error {
c, err := tls.X509KeyPair(cert, key)
if err != nil {
return err
}
- slug, _, err := net.SplitHostPort(host)
+ c.Leaf, err = x509.ParseCertificate(c.Certificate[0])
if err != nil {
- slug = host
+ return err
+ }
+ if cn := c.Leaf.Subject.CommonName; cn != "" {
+ s[cn] = &c
+ }
+ for _, name := range c.Leaf.DNSNames {
+ s[name] = &c
+ }
+ for _, ip := range c.Leaf.IPAddresses {
+ s[ip.String()] = &c
}
- s[slug] = &c
return nil
}
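Review bot: The keys written by the new CommonName, DNSNames and IPAddresses assignments are copied verbatim from the certificate, so a wildcard SAN (for example `*.example.com`) is stored as that literal string and IP SANs as address strings. If getCertificate does an exact lookup on `h.ServerName` (its body is above this hunk; only the error return is visible), those entries can never match, because clients send a concrete host name and do not put IP literals in SNI. Consider a wildcard fallback in the lookup and normalising case on insert, e.g. `s[strings.ToLower(name)] = &c` (needs `strings` if the file does not already import it). Each assignment also silently replaces an existing entry, so a certificate from one route whose SANs include another route's host takes over that name depending on load order; a comment such as `// later certificates win for names they share with earlier ones` or a logged warning on overwrite would make that explicit.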
@@ -90,7 +98,7 @@ func (s *Server) UpdateMux() error {
case "http", "":
wwwMux.Handle(host, NewReverseProxy(upstream))
case "https":
- err := s.SNI.addCertificate(host, route.Cert, route.Key)
+ err := s.SNI.addCertificate(route.Cert, route.Key)
if err != nil {
return err
}
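Review bot: Nothing ties `host` to the certificate in `route.Cert` any more: with the host argument dropped, a route whose certificate does not list its own host is accepted here without error and only shows up later as a handshake failure with `no cert for ...`. Because the parsed leaf lives inside addCertificate, one option is to keep the host parameter purely for validation and fail at load time with `if err := c.Leaf.VerifyHostname(name); err != nil { return err }`, where `name` is the route host with any port stripped. The same applies to the `wss` case in the next hunk; UpdateMux starts and ends outside both hunks.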
@@ -99,7 +107,7 @@ func (s *Server) UpdateMux() error {
case "ws":
wwwMux.Handle(host, NewWebSocketProxy(upstream))
case "wss":
- err := s.SNI.addCertificate(host, route.Cert, route.Key)
+ err := s.SNI.addCertificate(route.Cert, route.Key)
if err != nil {
return err
}