From 07cc573c5d98ea93e65ad88da3c51be8f0137f88 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Mon, 4 Apr 2016 12:27:58 +0200
Subject: Populate SNI with addresses from Cert

---
 server.go | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/server.go b/server.go
index e1618db..3437590 100644
--- a/server.go
+++ b/server.go
@@ -2,8 +2,8 @@ package goxy
 
 import (
 	"crypto/tls"
+	"crypto/x509"
 	"fmt"
-	"net"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
@@ -29,16 +29,24 @@ func (s SNI) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	return nil, fmt.Errorf("no cert for %q", h.ServerName)
 }
 
-func (s SNI) addCertificate(host string, cert, key []byte) error {
+func (s SNI) addCertificate(cert, key []byte) error {
 	c, err := tls.X509KeyPair(cert, key)
 	if err != nil {
 		return err
 	}
-	slug, _, err := net.SplitHostPort(host)
+	c.Leaf, err = x509.ParseCertificate(c.Certificate[0])
 	if err != nil {
-		slug = host
+		return err
+	}
+	if cn := c.Leaf.Subject.CommonName; cn != "" {
+		s[cn] = &c
+	}
+	for _, name := range c.Leaf.DNSNames {
+		s[name] = &c
+	}
+	for _, ip := range c.Leaf.IPAddresses {
+		s[ip.String()] = &c
 	}
-	s[slug] = &c
 	return nil
 }
 
@@ -90,7 +98,7 @@ func (s *Server) UpdateMux() error {
 	case "http", "":
 		wwwMux.Handle(host, NewReverseProxy(upstream))
 	case "https":
-		err := s.SNI.addCertificate(host, route.Cert, route.Key)
+		err := s.SNI.addCertificate(route.Cert, route.Key)
 		if err != nil {
 			return err
 		}
@@ -99,7 +107,7 @@ func (s *Server) UpdateMux() error {
 	case "ws":
 		wwwMux.Handle(host, NewWebSocketProxy(upstream))
 	case "wss":
-		err := s.SNI.addCertificate(host, route.Cert, route.Key)
+		err := s.SNI.addCertificate(route.Cert, route.Key)
 		if err != nil {
 			return err
 		}
-- 
cgit v1.2.3
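Review bot: Each name taken from the certificate is stored with `s[name] = &c` (and likewise for the CommonName and IP entries) without checking whether that key is already present, so two routes whose certificates share a SAN end up with the last-loaded certificate serving both and UpdateMux reports no error. Because the route's host is no longer passed in, a certificate that does not cover the configured host is also accepted here, and the mismatch only surfaces at handshake time as the "no cert for" error in getCertificate, whose body lies mostly outside the hunk. Consider rejecting duplicates before each store, e.g. `if _, dup := s[name]; dup { return fmt.Errorf("duplicate certificate for %q", name) }`, and/or keeping the host parameter so the load can fail fast with `if err := c.Leaf.VerifyHostname(host); err != nil { return err }`. Note also that a wildcard SAN such as `*.example.com` is stored as a literal key, which presumably only matches if getCertificate does more than an exact map lookup, and that SNI names from clients are case-insensitive whereas the map keys are stored as-is.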