From 9171bc2f55197422fcc2f223520fe01fd0b94287 Mon Sep 17 00:00:00 2001 From: "thomas.chen" Date: Fri, 23 Aug 2024 15:39:29 +0800 Subject: [PATCH] Solving the problem that the function '_readSubjectAltNamesFromCSR' will cause certificates to not be issued in SAN and CN with the same wildcard domain --- acme.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) mode change 100755 => 100644 acme.sh diff --git a/acme.sh b/acme.sh old mode 100755 new mode 100644 index 4cf407f2..c8d7d50c --- a/acme.sh +++ b/acme.sh @@ -464,6 +464,12 @@ _contains() { echo "$_str" | grep -- "$_sub" >/dev/null 2>&1 } +_contains_fixed() { + _str="$1" + _sub="$2" + echo "$_str" | grep -F -- "$_sub" >/dev/null 2>&1 +} + _hasfield() { _str="$1" _field="$2" @@ -1345,7 +1351,7 @@ _readSubjectAltNamesFromCSR() { _dnsAltnames="$(${ACME_OPENSSL_BIN:-openssl} req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')" _debug _dnsAltnames "$_dnsAltnames" - if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then + if _contains_fixed "$_dnsAltnames," "DNS:$_csrsubj,"; then _debug "AltNames contains subject" _excapedAlgnames="$(echo "$_dnsAltnames" | tr '*' '#')" _debug _excapedAlgnames "$_excapedAlgnames"