From c8b0781028a221cd4dfebaa0f08f28e02541817c Mon Sep 17 00:00:00 2001
From: Russ Cox
Date: Fri, 10 Jun 2016 11:47:21 -0700
Subject: [PATCH 1/2] Add TLS SNI Challenge function which returns domain

Used by rsc.io/letsencrypt to get the challenge domain. Originally committed under rsc.io/letsencrypt/vendor.
---
 acme/tls_sni_challenge.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/acme/tls_sni_challenge.go b/acme/tls_sni_challenge.go
index c36f6acc..f184b17a 100644
--- a/acme/tls_sni_challenge.go
+++ b/acme/tls_sni_challenge.go
@@ -40,12 +40,12 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
 return t.validate(t.jws, domain, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
 }
-// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
-func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+// TLSSNI01ChallengeCert returns a certificate and target domain for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCertDomain(keyAuth string) (tls.Certificate, string, error) {
 // generate a new RSA key for the certificates
 tempPrivKey, err := generatePrivateKey(RSA2048)
 if err != nil {
- return tls.Certificate{}, err
+ return tls.Certificate{}, "", err
 }
 rsaPrivKey := tempPrivKey.(*rsa.PrivateKey)
 rsaPrivPEM := pemEncode(rsaPrivKey)
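Review bot: The added doc comment still opens with `TLSSNI01ChallengeCert` while the function directly below it is now `TLSSNI01ChallengeCertDomain`, so godoc attaches a comment that names a different identifier and golint flags the mismatch; the comment line should read `// TLSSNI01ChallengeCertDomain returns a certificate and the SNI domain for the `tls-sni-01` challenge`. Patch 2/2 of this series renames the function back, which removes the mismatch, but on its own this commit leaves it in place. The body of the function continues past the end of this hunk.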
@@ -55,13 +55,19 @@ func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
 domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])
 tempCertPEM, err := generatePemCert(rsaPrivKey, domain)
 if err != nil {
- return tls.Certificate{}, err
+ return tls.Certificate{}, "", err
 }
 certificate, err := tls.X509KeyPair(tempCertPEM, rsaPrivPEM)
 if err != nil {
- return tls.Certificate{}, err
+ return tls.Certificate{}, "", err
 }
- return certificate, nil
+ return certificate, domain, nil
+}
+
+// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+ cert, _, err := TLSSNI01ChallengeCertDomain(keyAuth)
+ return cert, err
 }

From be785fda33e77a193c5e1428a97b1ef4a0fd8886 Mon Sep 17 00:00:00 2001
From: Derek McGowan
Date: Sun, 12 Jun 2016 22:57:22 -0700
Subject: [PATCH 2/2] Updated original signature and removed new function

---
 acme/tls_sni_challenge.go | 8 +-------
 acme/tls_sni_challenge_server.go | 2 +-
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/acme/tls_sni_challenge.go b/acme/tls_sni_challenge.go
index f184b17a..34383cbf 100644
--- a/acme/tls_sni_challenge.go
+++ b/acme/tls_sni_challenge.go
@@ -41,7 +41,7 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
 }
 // TLSSNI01ChallengeCert returns a certificate and target domain for the `tls-sni-01` challenge
-func TLSSNI01ChallengeCertDomain(keyAuth string) (tls.Certificate, string, error) {
+func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, string, error) {
 // generate a new RSA key for the certificates
 tempPrivKey, err := generatePrivateKey(RSA2048)
 if err != nil {
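Review bot: The new `+func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, string, error)` line changes the return arity of an exported function, so every external caller written against the two-value form stops compiling, and the commit message ("Updated original signature") does not call out that this is an API break; patch 1/2 kept a compatible two-value wrapper, which the -65 hunk of this patch deletes. The doc comment kept above it also says only "target domain" without stating what the string is; from the -55 hunk of patch 1 it is the SNI host name built from the key authorization, so I would write `// TLSSNI01ChallengeCert returns a certificate for the tls-sni-01 challenge together with the .acme.invalid SNI host name that the listener must present it for`. The function body continues past the end of this hunk.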
@@ -65,9 +65,3 @@ func TLSSNI01ChallengeCertDomain(keyAuth string) (tls.Certificate, string, error
 return certificate, domain, nil
 }
-
-// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
-func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
- cert, _, err := TLSSNI01ChallengeCertDomain(keyAuth)
- return cert, err
-}
diff --git a/acme/tls_sni_challenge_server.go b/acme/tls_sni_challenge_server.go
index faaf16f6..df00fbb5 100644
--- a/acme/tls_sni_challenge_server.go
+++ b/acme/tls_sni_challenge_server.go
@@ -30,7 +30,7 @@ func (s *TLSProviderServer) Present(domain, token, keyAuth string) error {
 s.port = "443"
 }
- cert, err := TLSSNI01ChallengeCert(keyAuth)
+ cert, _, err := TLSSNI01ChallengeCert(keyAuth)
 if err != nil {
 return err
 }
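Review bot: `cert, _, err := TLSSNI01ChallengeCert(keyAuth)` throws away the SNI host name that the signature change in this same patch exists to expose, with no comment saying why the built-in server does not need it. If the listener already serves this single certificate for every ClientHello, a one-line note such as `// the SNI name is unused here: the listener presents this one certificate to every client` would make the discard deliberate rather than accidental; if the listener instead selects certificates by ServerName, the returned name is exactly the value to match against in that selection so the challenge certificate is only handed out for the expected `.acme.invalid` probe. I cannot see how cert is used afterwards, since Present's body continues outside the hunk.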