From e0ffe377a28e112d60d513704761c93d83b97685 Mon Sep 17 00:00:00 2001 From: Rodolphe Breard Date: Mon, 2 Nov 2020 18:27:06 +0100 Subject: [PATCH] Allow certificates to have the same name but different key type --- CHANGELOG.md | 3 +++ acmed/src/certificate.rs | 6 +++++- acmed/src/main_event_loop.rs | 9 +++++---- man/en/acmed.toml.5 | 4 ++-- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 67f0675..818290a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed +- Certificates are now allowed to share the same name if their respective key type is different. + ## [0.14.0] - 2020-10-27 diff --git a/acmed/src/certificate.rs b/acmed/src/certificate.rs index 71afa34..752d399 100644 --- a/acmed/src/certificate.rs +++ b/acmed/src/certificate.rs @@ -28,7 +28,7 @@ pub struct Certificate { impl fmt::Display for Certificate { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.crt_name) + write!(f, "{}", self.get_id()) } } @@ -51,6 +51,10 @@ impl HasLogger for Certificate { } impl Certificate { + pub fn get_id(&self) -> String { + format!("{}_{}", self.crt_name, self.key_type) + } + pub fn get_identifier_from_str(&self, identifier: &str) -> Result { let identifier = identifier.to_string(); for d in self.identifiers.iter() { diff --git a/acmed/src/main_event_loop.rs b/acmed/src/main_event_loop.rs index 669a384..acb30fd 100644 --- a/acmed/src/main_event_loop.rs +++ b/acmed/src/main_event_loop.rs 
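Review bot: `get_id` in the second certificate.rs hunk derives the certificate's identity by joining `crt_name` and `key_type` with `_`, so the uniqueness check in main_event_loop.rs ends up comparing a concatenated string rather than the (name, key type) pair; a configured name that itself contains `_` could in principle yield the same string as a different name/key-type combination, so comparing the pair directly is the safer key. The new public method also carries no doc comment; `/// Identifier used to tell certificates apart: the configured name joined with the key type, since the same name may now be reused with a different key type.` would record why the name alone no longer suffices. Because `Display` in the first hunk now prints this id, every log line naming a certificate changes from `name` to `name_keytype`, which deserves a CHANGELOG line if anything downstream parses those logs. The enclosing `impl Certificate` block continues outside the hunk.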
@@ -95,10 +95,6 @@ impl MainEventLoop {
 let endpoint = crt.get_endpoint(&cnf, root_certs)?;
 let endpoint_name = endpoint.name.clone();
 let crt_name = crt.get_crt_name()?;
- if certs.iter().any(|c| c.crt_name == crt_name) {
- let msg = format!("{}: duplicate certificate name", crt_name);
- return Err(msg.into());
- }
 let key_type = crt.get_key_type()?;
 let hooks = crt.get_hooks(&cnf)?;
 let fm = FileManager {
@@ -139,6 +135,11 @@ impl MainEventLoop {
 renew_delay: crt.get_renew_delay(&cnf)?,
 file_manager: fm,
 };
+ let crt_id = cert.get_id();
+ if certs.iter().any(|c| c.get_id() == crt_id) {
+ let msg = format!("{}: duplicate certificate id", crt_id);
+ return Err(msg.into());
+ }
 match accounts.get_mut(&crt.account) {
 Some(acc) => acc.add_endpoint_name(&endpoint_name),
 None => {
diff --git a/man/en/acmed.toml.5 b/man/en/acmed.toml.5
index 1df70cc..1ff67b9 100644
--- a/man/en/acmed.toml.5
+++ b/man/en/acmed.toml.5
@@ -89,7 +89,7 @@ RS256
 .It Ic certificate
 Array of table representing a certificate that will be requested to a CA.
 .Pp
-Note that certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
+Note that, by default, certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
 .Bl -tag
 .It Ic account Ar string
 Name of the account to use.
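Review bot: The relocated duplicate check in the second hunk now admits two entries with the same `crt_name` whenever their key type differs, but the `FileManager` whose construction begins at `let fm = FileManager {` in the first hunk is completed outside the visible lines, so it cannot be confirmed here that every on-disk path (private key, certificate, any hook inputs) incorporates the key type; if any file-name format is derived from `crt_name` alone, the two entries would write to the same files, and the removed name-only check was the guard against that. The check itself allocates a fresh `String` per compared certificate through `get_id()`; comparing the fields directly, `certs.iter().any(|c| c.crt_name == cert.crt_name && c.key_type == cert.key_type)`, avoids both the allocation and any ambiguity of the joined form (assuming the key-type type implements `PartialEq`). The message `"{}: duplicate certificate id"` surfaces a synthetic id the operator never configured; `format!("{}: duplicate certificate name for key type {}", cert.crt_name, cert.key_type)` points at the two configuration fields that actually collide. The enclosing method starts before the first hunk and ends after the second.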
@@ -154,7 +154,7 @@ rsa4096
 .It Ic kp_reuse Ar boolean
 Set whether or not the private key should be reused when renewing the certificate. Default is false.
 .It Ic name
-Name of the certificate. Must be unique. Will be used in logs and in the associated file's name. The
+Name of the certificate. Must be unique unless the key type is different. Will be used in logs and in the associated file's name. The
 .Sq * ,
 .So :