From c8b0781028a221cd4dfebaa0f08f28e02541817c Mon Sep 17 00:00:00 2001
From: Russ Cox
Date: Fri, 10 Jun 2016 11:47:21 -0700
Subject: [PATCH] Add TLS SNI Challenge function which returns domain

Used by rsc.io/letsencrypt to get the challenge domain.
Originally committed under rsc.io/letsencrypt/vendor.
---
 acme/tls_sni_challenge.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/acme/tls_sni_challenge.go b/acme/tls_sni_challenge.go
index c36f6acc..f184b17a 100644
--- a/acme/tls_sni_challenge.go
+++ b/acme/tls_sni_challenge.go
@@ -40,12 +40,12 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
 	return t.validate(t.jws, domain, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
 }
 
-// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
-func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+// TLSSNI01ChallengeCert returns a certificate and target domain for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCertDomain(keyAuth string) (tls.Certificate, string, error) {
 	// generate a new RSA key for the certificates
 	tempPrivKey, err := generatePrivateKey(RSA2048)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 	rsaPrivKey := tempPrivKey.(*rsa.PrivateKey)
 	rsaPrivPEM := pemEncode(rsaPrivKey)
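Review bot: The added doc comment still opens with `TLSSNI01ChallengeCert` while the function it documents is now `TLSSNI01ChallengeCertDomain`, and it does not say what the new string result is or how a caller is meant to use it; golint-style tooling keys the comment on the identifier, and the security-relevant contract is in that second value. I would write `// TLSSNI01ChallengeCertDomain returns a certificate for the tls-sni-01 challenge together with the SNI host name (of the form <hex>.<hex>.acme.invalid) the validation server will request; serve the certificate only for a ClientHello whose ServerName equals that string exactly.` The unchecked `tempPrivKey.(*rsa.PrivateKey)` assertion two lines below is carried over unchanged and would panic rather than return an error if generatePrivateKey ever yields a different key type; since the function is being reworked here, `rsaPrivKey, ok := tempPrivKey.(*rsa.PrivateKey)` with an error return is cheap insurance. The body of TLSSNI01ChallengeCertDomain continues beyond this hunk.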
@@ -55,13 +55,19 @@ func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
 	domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])
 	tempCertPEM, err := generatePemCert(rsaPrivKey, domain)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 	certificate, err := tls.X509KeyPair(tempCertPEM, rsaPrivPEM)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
-	return certificate, nil
+	return certificate, domain, nil
+}
+
+// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+	cert, _, err := TLSSNI01ChallengeCertDomain(keyAuth)
+	return cert, err
 }
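Review bot: The compatibility wrapper `TLSSNI01ChallengeCert` discards the domain, so a caller using it cannot learn the SNI name (`%s.%s.acme.invalid` from `z`, built a few lines above) under which the certificate has to be presented and would have to recompute the hash itself; its comment should steer callers to the new function, e.g. `// TLSSNI01ChallengeCert returns a certificate for the tls-sni-01 challenge.` followed by `// Callers that must select the certificate by ClientHello.ServerName should use TLSSNI01ChallengeCertDomain, which also returns that name.` Each call mints a fresh RSA-2048 key (see the preceding hunk), so two calls never share key material and the wrapper's result cannot be paired with a domain from a later call; worth one line in the comment so nobody caches one and matches it against the other. The hunk header announces 13 old and 19 new lines but only 11 and 17 are on this page, so the lines that derive `z` are not visible here and the domain derivation above is inferred from the Sprintf line only. Unrelated to this commit but relevant if the file is still in service: tls-sni-01 was later withdrawn by the major ACME CAs, so new integrations should confirm their CA still accepts it before relying on this path.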