From ca62be4366ae07ea8a42216d35cfe417812c9a78 Mon Sep 17 00:00:00 2001 From: Elvin Efendi Date: Thu, 4 Jul 2019 17:30:25 -0400 Subject: [PATCH] dynamic cert mode should understand domain with trailing dot --- rootfs/etc/nginx/lua/certificate.lua | 4 +++- rootfs/etc/nginx/lua/test/certificate_test.lua | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua index e07ebcb08..cf46f92e5 100644 --- a/rootfs/etc/nginx/lua/certificate.lua +++ b/rootfs/etc/nginx/lua/certificate.lua @@ -28,7 +28,9 @@ local function set_pem_cert_key(pem_cert_key) end end -local function get_pem_cert_key(hostname) +local function get_pem_cert_key(raw_hostname) + local hostname = re_sub(raw_hostname, "\\.$", "", "jo") + local pem_cert_key = configuration.get_pem_cert_key(hostname) if pem_cert_key then return pem_cert_key diff --git a/rootfs/etc/nginx/lua/test/certificate_test.lua b/rootfs/etc/nginx/lua/test/certificate_test.lua index 2de532ad6..e47231655 100644 --- a/rootfs/etc/nginx/lua/test/certificate_test.lua +++ b/rootfs/etc/nginx/lua/test/certificate_test.lua @@ -66,6 +66,20 @@ describe("Certificate", function() assert_certificate_is_set(EXAMPLE_CERT) end) + it("sets certificate and key for domain with trailing dot", function() + ssl.server_name = function() return "hostname.", nil end + ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT) + + assert_certificate_is_set(EXAMPLE_CERT) + end) + + it("fallbacks to default certificate and key for domain with many trailing dots", function() + ssl.server_name = function() return "hostname..", nil end + ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT) + + assert_certificate_is_set(DEFAULT_CERT) + end) + it("sets certificate and key for nested wildcard cert", function() ssl.server_name = function() return "sub.nested.hostname", nil end ngx.shared.certificate_data:set("*.nested.hostname", EXAMPLE_CERT)
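Review bot: The result of `re_sub` in `get_pem_cert_key` is used without checking for failure, so if the substitution errors, `hostname` is nil and the `configuration.get_pem_cert_key(hostname)` lookup on the following line runs without a host name. Assuming `re_sub` is the file's alias for `ngx.re.sub` (the alias is defined outside this hunk), it returns nil plus an error string when the regex fails, so keeping the original value is safer: `local hostname = re_sub(raw_hostname, "\\.$", "", "jo") or raw_hostname`. A short comment such as `-- SNI may arrive in absolute form ("example.com."); strip exactly one trailing dot before the lookup` would also record why only a single dot is removed, which the "many trailing dots" test depends on. The body of `get_pem_cert_key` continues past the end of the hunk.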
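Review bot: The two added cases in certificate_test.lua exercise only the exact-match lookup, so nothing pins that a trailing-dot name also resolves to a wildcard certificate. The neighbouring "nested wildcard cert" test shows that a wildcard path exists, and a name such as `sub.nested.hostname.` should presumably select `*.nested.hostname` rather than fall through to the default certificate. A case like the one below would cover that, assuming the wildcard lookup later in `get_pem_cert_key` uses the normalized `hostname`. The enclosing `describe("Certificate", ...)` block starts and ends outside the hunk.

```lua
  it("sets certificate and key for nested wildcard cert with trailing dot", function()
    ssl.server_name = function() return "sub.nested.hostname.", nil end
    ngx.shared.certificate_data:set("*.nested.hostname", EXAMPLE_CERT)

    assert_certificate_is_set(EXAMPLE_CERT)
  end)
```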