
Allow certificates to have the same name but different key type

pull/41/head
Rodolphe Breard 4 years ago
parent
commit
e0ffe377a2
  1. 3
      CHANGELOG.md
  2. 6
      acmed/src/certificate.rs
  3. 9
      acmed/src/main_event_loop.rs
  4. 4
      man/en/acmed.toml.5

3
CHANGELOG.md

@ -15,6 +15,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Changed
- Certificates are now allowed to share the same name if their respective key type is different.
## [0.14.0] - 2020-10-27 ## [0.14.0] - 2020-10-27

6
acmed/src/certificate.rs

@ -28,7 +28,7 @@ pub struct Certificate {
impl fmt::Display for Certificate { impl fmt::Display for Certificate {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{}", self.crt_name)
write!(f, "{}", self.get_id())
} }
} }
@ -51,6 +51,10 @@ impl HasLogger for Certificate {
} }
impl Certificate { impl Certificate {
pub fn get_id(&self) -> String {
format!("{}_{}", self.crt_name, self.key_type)
}
pub fn get_identifier_from_str(&self, identifier: &str) -> Result<Identifier, Error> { pub fn get_identifier_from_str(&self, identifier: &str) -> Result<Identifier, Error> {
let identifier = identifier.to_string(); let identifier = identifier.to_string();
for d in self.identifiers.iter() { for d in self.identifiers.iter() {
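Review bot: `get_id` (hunk at line 51) is now the value the loop in the event loop compares for uniqueness and the value `Display` prints, but nothing documents that contract or the `name_keytype` shape it relies on; a one-line doc comment would keep the two call sites in agreement, e.g. `/// Identifier used in logs and for uniqueness checks: `<crt_name>_<key_type>`; two certificates may share a name as long as their key type differs.` Note that the function formats `self.key_type` via `Display`, so the exact spelling of the key type (and whether it can contain `_`) decides whether two distinct `(name, key_type)` pairs can ever collapse to the same id — worth a short comment or a debug assertion if `key_type` is a free-form string rather than an enum, which is not visible here. The `impl Certificate` block continues past the hunk.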

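--- a/acmed/src/main_event_loop.rs
+++ b/acmed/src/main_event_loop.rs
@@ -95,10 +95,6 @@ impl MainEventLoop {
 let endpoint = crt.get_endpoint(&cnf, root_certs)?;
 let endpoint_name = endpoint.name.clone();
 let crt_name = crt.get_crt_name()?;
-if certs.iter().any(|c| c.crt_name == crt_name) {
-let msg = format!("{}: duplicate certificate name", crt_name);
-return Err(msg.into());
-}
 let key_type = crt.get_key_type()?;
 let hooks = crt.get_hooks(&cnf)?;
 let fm = FileManager {
@@ -139,6 +135,11 @@ impl MainEventLoop {
 renew_delay: crt.get_renew_delay(&cnf)?,
 file_manager: fm,
 };
+let crt_id = cert.get_id();
+if certs.iter().any(|c| c.get_id() == crt_id) {
+let msg = format!("{}: duplicate certificate id", crt_id);
+return Err(msg.into());
+}
 match accounts.get_mut(&crt.account) {
 Some(acc) => acc.add_endpoint_name(&endpoint_name),
 None => {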
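Review bot: The new duplicate check (second hunk) only guarantees that `name + key_type` is unique in memory; it does not check that the on-disk storage is also distinct, and the `FileManager` built from `crt_name`/`key_type` a few lines earlier is not touched by this commit (its field list lies outside the hunk). If the file-name template does not include the key type, two entries that differ only in key type will pass this check and then read and overwrite each other's private key and certificate files — which is exactly the case this change newly permits; please confirm the default and configurable file-name formats embed the key type, or reject configurations whose `FileManager`s resolve to the same paths. A comment on the check would also help the next reader, e.g. `// Uniqueness is on name + key type (see Certificate::get_id), so the same name may appear once per key type.` The enclosing method continues before and after both hunks.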

4
man/en/acmed.toml.5

@ -89,7 +89,7 @@ RS256
.It Ic certificate .It Ic certificate
Array of table representing a certificate that will be requested to a CA. Array of table representing a certificate that will be requested to a CA.
.Pp .Pp
Note that certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
Note that, by default, certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
.Bl -tag .Bl -tag
.It Ic account Ar string .It Ic account Ar string
Name of the account to use. Name of the account to use.
@ -154,7 +154,7 @@ rsa4096
.It Ic kp_reuse Ar boolean .It Ic kp_reuse Ar boolean
Set whether or not the private key should be reused when renewing the certificate. Default is false. Set whether or not the private key should be reused when renewing the certificate. Default is false.
.It Ic name .It Ic name
Name of the certificate. Must be unique. Will be used in logs and in the associated file's name. The
Name of the certificate. Must be unique unless the key type is different. Will be used in logs and in the associated file's name. The
.Sq * , .Sq * ,
.So .So
: :
