hatter/acme-client-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add common name, alt names check

Browse Source
This commit is contained in:
Hatter Jiang
2021-05-05 00:53:51 +08:00
parent 264fc88e18
commit 64c20a1042
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/config.rs
View File

@@ -158,6 +158,20 @@ impl CertConfigItem {
if cert_path_buff.exists() { if cert_path_buff.exists() {
let pem = opt_result!(fs::read_to_string(cert_path_buff.clone()), "Read file: {:?}, failed: {}", cert_path_buff); let pem = opt_result!(fs::read_to_string(cert_path_buff.clone()), "Read file: {:?}, failed: {}", cert_path_buff);
let x509_certificate = opt_result!(x509::parse_x509(&format!("{}/{}", self.path, CERT_NAME), &pem), "Parse x509: {}/{}, faield: {}", self.path, CERT_NAME); let x509_certificate = opt_result!(x509::parse_x509(&format!("{}/{}", self.path, CERT_NAME), &pem), "Parse x509: {}/{}, faield: {}", self.path, CERT_NAME);
if let Some(common_name) = &self.common_name {
if common_name != &x509_certificate.common_name {
return Ok(None); // request for new cert
}
}
if let Some(dns_names) = &self.dns_names {
let mut sorted_dns_names = dns_names.clone();
sorted_dns_names.sort();
let mut cert_sorted_dns_names = x509_certificate.alt_names.clone();
cert_sorted_dns_names.sort();
if sorted_dns_names != cert_sorted_dns_names {
return Ok(None); // request for new cert
}
}
Ok(Some(x509_certificate)) Ok(Some(x509_certificate))
} else { } else {
Ok(None) Ok(None)