Merge #60: Fix rehydrated TLSA records served over DNS

dba4ce7 Fix erroneous duplication of domain name in TLSA records served over DNS. (JeremyRand)
cb6bcea Fix erroneous trailing period in x509 certificates served over DNS. (JeremyRand)

Pull request description:

  Fixes #59, as well as a different bug that broke the same functionality as #59.

Tree-SHA512: 54b2aba1368bf0c19735e773453141be40cd8fb7403b69932c21a60ed5d8b6cce255b61a756fb1745a338901bbc5d86e26387d1375216e6a88b691d3ae25e4d3
pull/68/head
JeremyRand 6 years ago
commit 6b49e3a9e2
No known key found for this signature in database
GPG Key ID: B3F2D165786D6570

@ -261,6 +261,11 @@ func (v *Value) appendTLSA(out []dns.RR, suffix, apexSuffix string) ([]dns.RR, e
_, nameNoPort := util.SplitDomainTail(suffix)
_, nameNoPortOrProtocol := util.SplitDomainTail(nameNoPort)
if !strings.HasSuffix(nameNoPortOrProtocol, ".") {
continue
}
nameNoPortOrProtocol = strings.TrimSuffix(nameNoPortOrProtocol, ".")
derBytes, err := certdehydrate.FillRehydratedCertTemplate(template, nameNoPortOrProtocol)
if err != nil {
// TODO: add debug output here
@ -270,7 +275,7 @@ func (v *Value) appendTLSA(out []dns.RR, suffix, apexSuffix string) ([]dns.RR, e
derBytesHex := hex.EncodeToString(derBytes)
out = append(out, &dns.TLSA{
Hdr: dns.RR_Header{Name: suffix, Rrtype: dns.TypeTLSA, Class: dns.ClassINET,
Hdr: dns.RR_Header{Name: "", Rrtype: dns.TypeTLSA, Class: dns.ClassINET,
Ttl: defaultTTL},
Usage: uint8(3),
Selector: uint8(0),
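Review bot: After the trailing period is stripped from `nameNoPortOrProtocol`, nothing checks that a non-empty name remains before it is passed to `certdehydrate.FillRehydratedCertTemplate`. If `util.SplitDomainTail` can return just `.` for a short `suffix` (its behaviour is not visible here), the template would be filled with an empty host name and the resulting certificate published in the TLSA record; a guard such as `if nameNoPortOrProtocol == "" { continue }` right after the `strings.TrimSuffix` line would rule that out. The `continue` taken when the name lacks a trailing period also drops the template silently, as does the error branch below it that still carries the debug-output TODO, so an operator cannot tell why a TLSA record is missing. In the second hunk, `Name: ""` deserves a comment along the lines of `// owner name left empty on purpose; the caller is expected to qualify it`, once that is confirmed against the caller. `appendTLSA` starts and ends outside both hunks.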
