certificate.Store: Allow using '*' in DNSNames

This isn't exactly a valid DNSName, but it reduces the number of certificates that need to be created. Clients should either accept it or skip checking DNSNames.
2021-03-04 16:40:16 -05:00 · 2021-03-04 16:40:16 -05:00 · de0b93a4f6
commit de0b93a4f6
parent ce649ecc66
1 changed files with 10 additions and 11 deletions
--- a/certificate/store.go
+++ b/certificate/store.go
@ -33,7 +33,6 @@ type Store struct {
 	// The provided scope is suitable for use in a certificate's DNSNames.
 	CreateCertificate func(scope string) (tls.Certificate, error)
 	scopes map[string]struct{}
 	certs map[string]tls.Certificate
 	path  string
 	mu    sync.RWMutex
@ -48,10 +47,10 @@ type Store struct {
 func (s *Store) Register(scope string) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
-	if s.scopes == nil {
+	if s.certs == nil {
-		s.scopes = make(map[string]struct{})
+		s.certs = make(map[string]tls.Certificate)
 	}
-	s.scopes[scope] = struct{}{}
+	s.certs[scope] = tls.Certificate{}
 }
 // Add registers the certificate for the given scope.
@ -105,24 +104,24 @@ func (s *Store) write(scope string, cert tls.Certificate) error {
 // Get is suitable for use in a gemini.Server's GetCertificate field.
 func (s *Store) Get(hostname string) (*tls.Certificate, error) {
 	s.mu.RLock()
-	_, ok := s.scopes[hostname]
+	cert, ok := s.certs[hostname]
 	if !ok {
 		// Try wildcard
 		wildcard := strings.SplitN(hostname, ".", 2)
 		if len(wildcard) == 2 {
 			hostname = "*." + wildcard[1]
-			_, ok = s.scopes[hostname]
+			cert, ok = s.certs[hostname]
 		}
 	}
 	if !ok {
 		// Try "*"
-		_, ok = s.scopes["*"]
+		hostname = "*"
 		cert, ok = s.certs[hostname]
 	}
 	if !ok {
 		s.mu.RUnlock()
 		return nil, errors.New("unrecognized scope")
 	}
 	cert := s.certs[hostname]
 	s.mu.RUnlock()
 	// If the certificate is empty or expired, generate a new one.