Only check allow_domain when we don't already have a cert #107

Merged
merged 1 commit into from
Jan 29, 2018
13 changes: 6 additions & 7 deletions lib/resty/auto-ssl/ssl_certificate.lua
Expand Up @@ -112,6 +112,12 @@ local function get_cert(auto_ssl_instance, domain)
return convert_to_der_and_cache(domain, fullchain_pem, privkey_pem, false)
end

-- Check to ensure the domain is one we allow for handling SSL.
local allow_domain = auto_ssl_instance:get("allow_domain")
if not allow_domain(domain) then
return nil, nil, nil, "domain not allowed"
end

-- Finally, issue a new certificate if one hasn't been found yet.
fullchain_pem, privkey_pem = issue_cert(auto_ssl_instance, storage, domain)
if fullchain_pem and privkey_pem then
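
Review bot: The comment on the check moved into get_cert still reads "one we allow for handling SSL", but at this position the check only gates issuance. The return just above it, `return convert_to_der_and_cache(domain, fullchain_pem, privkey_pem, false)`, hands back a certificate without consulting allow_domain, so a domain that allow_domain now rejects keeps being served for as long as a certificate for it is found earlier in the function. If that is the intent, as the PR title suggests, reword the comment to say the check applies only before issuing a new certificate, and state the same in the allow_domain documentation so operators do not rely on it to stop serving a domain.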
Expand Down Expand Up @@ -243,13 +249,6 @@ local function do_ssl(auto_ssl_instance, ssl_options)
return
end

-- Check to ensure the domain is one we allow for handling SSL.
local allow_domain = auto_ssl_instance:get("allow_domain")
if not allow_domain(domain) then
ngx.log(ngx.NOTICE, "auto-ssl: domain not allowed - using fallback - ", domain)
return
end

-- Get or issue the certificate for this domain.
local fullchain_der, privkey_der, newly_issued, get_cert_err = get_cert(auto_ssl_instance, domain)
if get_cert_err then
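
Review bot: Removing this block from do_ssl drops the dedicated `ngx.NOTICE` log line and the early return, so a rejected domain now comes back from get_cert as the error string "domain not allowed" and is handled by the `if get_cert_err then` branch, whose body is not visible in this hunk. Please check that this branch does not log the rejection at a higher level than the old NOTICE, and that it still falls back to the default certificate as the removed message stated. Comparing against the error string, or returning a distinct value for this case, would keep "not allowed" separate from real issuance failures.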