mirror of
https://github.com/rancher/dynamiclistener.git
synced 2025-07-31 21:55:36 +00:00
Merge pull request #22 from ibuildthecloud/master
Always allow configured SANs regardless of the FilterCN
This commit is contained in:
commit
52ede5ec92
32
listener.go
32
listener.go
@ -49,7 +49,7 @@ func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, c
|
||||
CAKey: caKey,
|
||||
CN: config.CN,
|
||||
Organization: config.Organization,
|
||||
FilterCN: config.FilterCN,
|
||||
FilterCN: allowDefaultSANs(config.SANs, config.FilterCN),
|
||||
},
|
||||
Listener: l,
|
||||
storage: &nonNil{storage: storage},
|
||||
@ -81,6 +81,35 @@ func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, c
|
||||
return tlsListener, dynamicListener.cacheHandler(), nil
|
||||
}
|
||||
|
||||
func allowDefaultSANs(sans []string, next func(...string) []string) func(...string) []string {
|
||||
if next == nil {
|
||||
return nil
|
||||
} else if len(sans) == 0 {
|
||||
return next
|
||||
}
|
||||
|
||||
sanMap := map[string]bool{}
|
||||
for _, san := range sans {
|
||||
sanMap[san] = true
|
||||
}
|
||||
|
||||
return func(s ...string) []string {
|
||||
var (
|
||||
good []string
|
||||
unknown []string
|
||||
)
|
||||
for _, s := range s {
|
||||
if sanMap[s] {
|
||||
good = append(good, s)
|
||||
} else {
|
||||
unknown = append(unknown, s)
|
||||
}
|
||||
}
|
||||
|
||||
return append(good, next(unknown...)...)
|
||||
}
|
||||
}
|
||||
|
||||
type cancelClose struct {
|
||||
cancel func()
|
||||
net.Listener
|
||||
@ -338,6 +367,7 @@ func (l *listener) loadCert() (*tls.Certificate, error) {
|
||||
}
|
||||
|
||||
l.cert = &cert
|
||||
l.version = secret.ResourceVersion
|
||||
return l.cert, nil
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user