~emersion/public-inbox


[PATCH tlstunnel] Add support for wildcard server names in frontend directives

Details
Message ID
<20200912174315.4487-1-delthas@dille.cc>
DKIM signature
pass
Patch: +9 -2
This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
---
 server.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/server.go b/server.go
index 40c9854..8aecf5c 100644
--- a/server.go
+++ b/server.go
@@ -7,6 +7,7 @@ import (
	"io"
	"log"
	"net"
	"strings"

	"github.com/caddyserver/certmagic"
	"github.com/pires/go-proxyproto"
@@ -128,9 +129,15 @@ func (ln *Listener) handle(conn net.Conn) error {

	tlsState := tlsConn.ConnectionState()

	// TODO: support wildcard certificates. Sadly this requires solving a DNS
	// challenge.
	fe, ok := ln.Frontends[tlsState.ServerName]
	if !ok {
		// match wildcard certificates, allowing only a single, non-partial wildcard, in the left-most label
		i := strings.IndexByte(tlsState.ServerName, '.')
		// don't allow wildcards with only a TLD (eg *.com)
		if i >= 0 && strings.IndexByte(tlsState.ServerName[i+1:], '.') >= 0 {
			fe, ok = ln.Frontends["*"+tlsState.ServerName[i:]]
		}
	}
	if !ok {
		fe, ok = ln.Frontends[""]
	}
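Review bot: In the wildcard branch, the guard `i >= 0` also accepts a ServerName whose first byte is '.', in which case `"*"+tlsState.ServerName[i:]` is built with the `*` standing for an empty left-most label; requiring `i > 0` would restrict the wildcard to a non-empty label. The comment above it says "match wildcard certificates", but the lookup is against frontend server names in `ln.Frontends`, so "match wildcard server names" would be more accurate. That comment could also state the resulting order (exact name, then single-label wildcard, then the `""` default frontend) and that the TLD-only rule is enforced here on the incoming name, so a frontend configured as `*.com` is never reached through this branch.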
-- 
2.26.2
Details
Message ID
<-aYQ53sq66EniJRnr_ffy1tsenS6d1bi8Z5Pv811DDuBxw52vmUsLxT41BsImPr2PIzMt-bvDg3USKi63An8ScqywV9rlsbepmJHAt29uGQ=@emersion.fr>
In-Reply-To
<20200912174315.4487-1-delthas@dille.cc> (view parent)
DKIM signature
fail
LGTM, pushed. Thanks!

[tlstunnel/patches/.build.yml] build success

builds.sr.ht
Details
Message ID
<C5RK1R67DYV6.14THCB9XCICB5@cirno2>
In-Reply-To
<20200912174315.4487-1-delthas@dille.cc> (view parent)
DKIM signature
missing
tlstunnel/patches/.build.yml: SUCCESS in 22m14s

[Add support for wildcard server names in frontend directives][0] from [delthas][1]

[0]: https://lists.sr.ht/~emersion/public-inbox/patches/13896
[1]: mailto:delthas@dille.cc

✓ #304922 SUCCESS tlstunnel/patches/.build.yml https://builds.sr.ht/~emersion/job/304922