Tandem
/
certspotter
mirror of https://github.com/SSLMate/certspotter.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support wildcards 

For example, if you're watching subdomain.example.com, a cert for
*.example.com will now match.
This commit is contained in:
Andrew Ayer 2016-04-26 14:49:39 -07:00
parent 4132ed5e9f
commit 65ed742477
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/ctwatch/main.go
View File

@ -27,8 +27,16 @@ var watchDomains []string
var watchDomainSuffixes []string var watchDomainSuffixes []string
func addWatchDomain (domain string) { func addWatchDomain (domain string) {
watchDomains = append(watchDomains, strings.ToLower(domain)) domain = strings.ToLower(domain)
watchDomainSuffixes = append(watchDomainSuffixes, "." + strings.ToLower(domain))
watchDomains = append(watchDomains, domain)
watchDomainSuffixes = append(watchDomainSuffixes, "." + domain)
if dot := strings.IndexRune(domain, '.'); dot != -1 {
// also look for wildcard names that could match
// TODO: support exotic wildcards (wildcards besides "*.<DOMAIN>") in case there are CAs that issue them (there are) and clients that support them (less clear)
watchDomains = append(watchDomains, "*" + domain[dot:])
}
} }
func setWatchDomains (domains []string) error { func setWatchDomains (domains []string) error {