authorRoland Shoemaker <roland@golang.org>2025-02-21 09:59:08 -0800
committerGopher Robot <gobot@golang.org>2025-02-21 16:31:38 -0800
commitf66f74b0a406b5f6909183531ace593857f1646c (patch)
tree069d149323534fc074c4d342187f69f548725e12
parentb0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85 (diff)
downloadgo-x-crypto-f66f74b0a406b5f6909183531ace593857f1646c.tar.xz
acme/autocert: check host policy before probing the cachev0.34.0
Avoid unnecessary cache probes for names that don't match the host policy. Fixes golang/go#71199 Change-Id: I11e8465b0416e960a549b0c0d74a622026c39931 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/651296 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
-rw-r--r--acme/autocert/autocert.go7
1 files changed, 4 insertions, 3 deletions
diff --git a/acme/autocert/autocert.go b/acme/autocert/autocert.go
index 6b4cdf4..ccd5b7e 100644
--- a/acme/autocert/autocert.go
+++ b/acme/autocert/autocert.go
@@ -292,6 +292,10 @@ func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
}
// regular domain
+ if err := m.hostPolicy()(ctx, name); err != nil {
+ return nil, err
+ }
+
ck := certKey{
domain: strings.TrimSuffix(name, "."), // golang.org/issue/18114
isRSA: !supportsECDSA(hello),
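Review bot: The policy check added ahead of `ck := certKey{` now runs on every handshake rather than only after a cache miss, and nothing in the hunk documents that new contract for `HostPolicy` implementers. I would add a comment above it such as `// Check the policy before touching the cache so client-chosen names outside the policy never cause a cache lookup; the policy therefore runs on every handshake and must be cheap.` Note also that the policy receives `name` while the cache key uses `strings.TrimSuffix(name, ".")`, so a trailing-dot name that was previously served from the cache may now be rejected if the configured policy compares names exactly; that depends on policy code outside this hunk. The diffstat shows no test change, so a regression test asserting that the cache is not consulted when the policy returns an error would pin the behaviour. GetCertificate's body starts and ends outside the hunk.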
@@ -305,9 +309,6 @@ func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
}
// first-time
- if err := m.hostPolicy()(ctx, name); err != nil {
- return nil, err
- }
cert, err = m.createCert(ctx, ck)
if err != nil {
return nil, err