hatter/acme-client-rs
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: dns names

Browse Source
This commit is contained in:
Hatter Jiang
2021-05-05 11:42:33 +08:00
parent 3e09332a2e
commit 9be8f5b353
3 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -2,7 +2,7 @@
# It is not intended for manual editing. # It is not intended for manual editing.
[[package]] [[package]]
name = "acme-client" name = "acme-client"
version = "0.2.0" version = "0.3.0"
dependencies = [ dependencies = [
"acme-lib", "acme-lib",
"async-std", "async-std",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "acme-client" name = "acme-client"
version = "0.2.0" version = "0.3.0"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"
description = "Acme auto challenge client, acme-client can issue certificates from Let's encrypt" description = "Acme auto challenge client, acme-client can issue certificates from Let's encrypt"

15
src/config.rs
View File

@@ -110,15 +110,25 @@ impl CertConfigItem {
} }
let path_buff = opt_result!(PathBuf::from_str(&self.path), "Path: {}, failed: {}", self.path); let path_buff = opt_result!(PathBuf::from_str(&self.path), "Path: {}, failed: {}", self.path);
let cert_path_buff = path_buff.join(CERT_NAME); let cert_path_buff = path_buff.join(CERT_NAME);
if self.common_name.is_none() || self.dns_names.is_none() { if self.common_name.is_none() && self.dns_names.is_none() {
let pem = opt_result!(fs::read_to_string(cert_path_buff.clone()), "Read file: {:?}, failed: {}", cert_path_buff); let pem = opt_result!(fs::read_to_string(cert_path_buff.clone()), "Read file: {:?}, failed: {}", cert_path_buff);
let x509_certificate = opt_result!(x509::parse_x509(&format!("{}/{}", self.path, CERT_NAME), &pem), "Parse x509: {}/{}, faield: {}", self.path, CERT_NAME); let x509_certificate = opt_result!(x509::parse_x509(&format!("{}/{}", self.path, CERT_NAME), &pem), "Parse x509: {}/{}, faield: {}", self.path, CERT_NAME);
self.common_name = Some(x509_certificate.common_name.clone()); self.common_name = Some(x509_certificate.common_name.clone());
self.dns_names = Some(x509_certificate.alt_names.clone()); self.dns_names = Some(x509_certificate.alt_names.clone());
if let Some(pos) = x509_certificate.alt_names.iter().position(|n| n == &x509_certificate.common_name) {
if let Some(dns_names) = &mut self.dns_names {
dns_names.remove(pos);
}
}
self.algo = None; self.algo = None;
self.public_key_algo = Some(x509_certificate.public_key_algo.clone()); self.public_key_algo = Some(x509_certificate.public_key_algo.clone());
Ok(Some(x509_certificate)) Ok(Some(x509_certificate))
} else { } else {
if self.common_name.is_none() {
if let Some(dns_names) = &mut self.dns_names {
self.common_name = Some(dns_names.remove(0));
}
}
if self.public_key_algo.is_none() { if self.public_key_algo.is_none() {
self.public_key_algo = match &self.algo { self.public_key_algo = match &self.algo {
None => Some(X509PublicKeyAlgo::Rsa(2048)), None => Some(X509PublicKeyAlgo::Rsa(2048)),
@@ -141,6 +151,9 @@ impl CertConfigItem {
let mut sorted_dns_names = dns_names.clone(); let mut sorted_dns_names = dns_names.clone();
sorted_dns_names.sort(); sorted_dns_names.sort();
let mut cert_sorted_dns_names = x509_certificate.alt_names.clone(); let mut cert_sorted_dns_names = x509_certificate.alt_names.clone();
if let Some(pos) = cert_sorted_dns_names.iter().position(|n| n == self.common_name.as_ref().unwrap()) {
cert_sorted_dns_names.remove(pos);
}
cert_sorted_dns_names.sort(); cert_sorted_dns_names.sort();
if sorted_dns_names != cert_sorted_dns_names { if sorted_dns_names != cert_sorted_dns_names {
warning!("Cert: {}, dns names mis-match: {:?} vs {:?}", self.path, sorted_dns_names, cert_sorted_dns_names); warning!("Cert: {}, dns names mis-match: {:?} vs {:?}", self.path, sorted_dns_names, cert_sorted_dns_names);