From 64c20a10427c4751204b26f8eb136b8894427351 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Wed, 5 May 2021 00:53:51 +0800
Subject: [PATCH] feat: add common name, alt names check
---
 src/config.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/config.rs b/src/config.rs
index e87da82..7c4611b 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -158,6 +158,20 @@ impl CertConfigItem {
 if cert_path_buff.exists() {
 let pem = opt_result!(fs::read_to_string(cert_path_buff.clone()), "Read file: {:?}, failed: {}", cert_path_buff);
 let x509_certificate = opt_result!(x509::parse_x509(&format!("{}/{}", self.path, CERT_NAME), &pem), "Parse x509: {}/{}, faield: {}", self.path, CERT_NAME);
+ if let Some(common_name) = &self.common_name {
+ if common_name != &x509_certificate.common_name {
+ return Ok(None); // request for new cert
+ }
+ }
+ if let Some(dns_names) = &self.dns_names {
+ let mut sorted_dns_names = dns_names.clone();
+ sorted_dns_names.sort();
+ let mut cert_sorted_dns_names = x509_certificate.alt_names.clone();
+ cert_sorted_dns_names.sort();
+ if sorted_dns_names != cert_sorted_dns_names {
+ return Ok(None); // request for new cert
+ }
+ }
 Ok(Some(x509_certificate))
 } else {
 Ok(None)
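Review bot: The SAN check `if sorted_dns_names != cert_sorted_dns_names` compares the two lists byte-for-byte after sorting, so a configured name that differs from the certificate only in letter case, or a duplicated entry in `dns_names`, can never match; every run then returns `Ok(None)` and asks for a new certificate, which risks exhausting the CA's issuance rate limit. Lower-casing and de-duplicating both lists before the comparison avoids that; the sketch below assumes both are `Vec<String>`, which the hunk does not show. It is also worth confirming whether `x509_certificate.alt_names` contains the common name, since a list that includes it would never equal a `dns_names` that does not. Both `return Ok(None)` paths are silent, so a log line naming the expected and found names would let an operator see why re-issuance was triggered. The enclosing function starts and ends outside the hunk.

```rust
// … unchanged: common_name check …
if let Some(dns_names) = &self.dns_names {
    // DNS names are case-insensitive; normalize before comparing so a
    // cosmetic difference in the config does not force re-issuance.
    let normalize = |names: &[String]| -> Vec<String> {
        let mut names: Vec<String> = names.iter().map(|n| n.to_ascii_lowercase()).collect();
        names.sort();
        names.dedup();
        names
    };
    if normalize(dns_names) != normalize(&x509_certificate.alt_names) {
        return Ok(None); // request for new cert
    }
}
// … unchanged: Ok(Some(x509_certificate)) …
```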