aboutsummaryrefslogtreecommitdiff
path: root/src/cert_store.rs
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2021-12-08 11:11:22 +0100
committerAlex Auvolat <alex@adnab.me>2021-12-08 11:11:22 +0100
commit098a6cf2cdb9b0370ab7358b005f731b65e9981c (patch)
tree80e862f2ba2aeb03a33ab8e4fcb05d4a221dd308 /src/cert_store.rs
parent11c6f0b1c29b10893de9390f5be559de49e78410 (diff)
downloadtricot-098a6cf2cdb9b0370ab7358b005f731b65e9981c.tar.gz
tricot-098a6cf2cdb9b0370ab7358b005f731b65e9981c.zip
Implement glob pattern hostnames
no wildcard certificates: one certificate per matching hostname that actually recieves requests
Diffstat (limited to 'src/cert_store.rs')
-rw-r--r--src/cert_store.rs10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/cert_store.rs b/src/cert_store.rs
index f1b7d2b..8d45df4 100644
--- a/src/cert_store.rs
+++ b/src/cert_store.rs
@@ -14,7 +14,7 @@ use rustls::sign::CertifiedKey;
use crate::cert::{Cert, CertSer};
use crate::consul::*;
-use crate::proxy_config::ProxyConfig;
+use crate::proxy_config::*;
pub struct CertStore {
consul: Consul,
@@ -39,11 +39,13 @@ impl CertStore {
let proxy_config: Arc<ProxyConfig> = rx_proxy_config.borrow().clone();
for ent in proxy_config.entries.iter() {
- domains.insert(ent.host.clone());
+ if let HostDescription::Hostname(domain) = &ent.host {
+ domains.insert(domain.clone());
+ }
}
- info!("Ensuring we have certs for domains: {:?}", domains);
for dom in domains.iter() {
+ info!("Ensuring we have certs for domains: {:?}", domains);
if let Err(e) = self.get_cert(dom).await {
warn!("Error get_cert {}: {}", dom, e);
}
@@ -58,7 +60,7 @@ impl CertStore {
.borrow()
.entries
.iter()
- .any(|ent| ent.host == domain)
+ .any(|ent| ent.host.matches(domain))
{
bail!("Domain {} should not have a TLS certificate.", domain);
}