feat: 0.2.1, support default certificate domains

2024-09-20 01:12:10 +08:00
parent c2eb073c91
commit f1775cad66
4 changed files with 22 additions and 6 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2007,7 +2007,7 @@ checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94"

 [[package]]
 name = "proxy-inspector"
-version = "0.2.0"
+version = "0.2.1"
 dependencies = [
 "async-trait",
 "base64 0.22.1",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "proxy-inspector"
-version = "0.2.0"
+version = "0.2.1"
 edition = "2021"

 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
--- a/src/cert.rs
+++ b/src/cert.rs
@@ -65,9 +65,11 @@ fn resolve_ecc_pkcs8(pem: &str) -> String {
 }

 fn build_certificate(domain: &str) -> Result<Certificate, String> {
-    let mut params = CertificateParams::new(vec![domain.into()]);
+    let domains = domain.split(",").map(ToString::to_string).collect::<Vec<String>>();
+
+    let mut params = CertificateParams::new(domains.clone());
    let (start, end) = build_validity_period()?;
-    params.distinguished_name.push(DnType::CommonName, domain);
+    params.distinguished_name.push(DnType::CommonName, &domains[0]);
    params.use_authority_key_identifier_extension = true;
    params.key_usages.push(KeyUsagePurpose::DigitalSignature);
    params.is_ca = IsCa::NoCa;
--- a/src/service.rs
+++ b/src/service.rs
@@ -1,4 +1,5 @@
 use std::collections::HashMap;
+use std::env;
 use std::sync::Arc;

 use async_trait::async_trait;
@@ -50,8 +51,21 @@ impl Callback {
 impl TlsAccept for Callback {
    async fn certificate_callback(&self, ssl: &mut SslRef) -> () {
        let sni_provided = ssl.servername(NameType::HOST_NAME)
-            .unwrap_or("127.0.0.1").to_string();
-        log::info!("SNI provided: {}", sni_provided);
+            .map(|sni| {
+                log::info!("SNI provided: {}", sni);
+                sni.to_string()
+            })
+            .unwrap_or_else(||
+                env::var("DEFAULT_CERTIFICATE_DOMAINS")
+                    .map(|default_sni| {
+                        log::info!("Use default SNI: {}", &default_sni);
+                        default_sni
+                    })
+                    .unwrap_or_else(|_| {
+                        log::info!("Use default SNI: 127.0.0.1, user env DEFAULT_CERTIFICATE_DOMAINS override default domains(split with comma ',')");
+                        "127.0.0.1".to_string()
+                    })
+            );

        let cert = self.issue_certificate(&sni_provided).await
            .unwrap_or_else(|e| panic!("Issue certificate failed: {}", e));