caddytls: Convert AP subjects to punycode

Fixes bugs related to TLS automation
Matthew Holt 2025-03-14 15:44:20 -06:00
parent 1f8dab572c
commit 55c89ccf2a
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5


@ -28,6 +28,7 @@ import (
"github.com/mholt/acmez/v3"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"golang.org/x/net/idna"
"github.com/caddyserver/caddy/v2"
)
@ -183,7 +184,12 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
repl := caddy.NewReplacer()
subjects := make([]string, len(ap.SubjectsRaw))
for i, sub := range ap.SubjectsRaw {
subjects[i] = repl.ReplaceAll(sub, "")
sub = repl.ReplaceAll(sub, "")
subASCII, err := idna.ToASCII(sub)
if err != nil {
return fmt.Errorf("could not convert automation policy subject '%s' to punycode: %v", sub, err)
}
subjects[i] = subASCII
}
ap.subjects = subjects
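Review bot: The added `idna.ToASCII(sub)` call in the loop uses the package's raw Punycode profile, which as far as I know does minimal validation and no case mapping, so a subject written with uppercase or non-normalized Unicode can encode to a different A-label than the lowercase name a client presents. If these subjects are later compared with handshake names (not visible in this hunk), the policy would silently not apply to that name. A comment such as `// ToASCII does not normalize; subjects are expected in lowercase form` would make the contract explicit, or the subject could be lowercased before conversion, provided wildcard and IP subjects still pass through unchanged. Separately, the error line should quote and wrap: `return fmt.Errorf("could not convert automation policy subject %q to punycode: %w", sub, err)`, so an odd subject value is escaped in logs and callers can use errors.Is/As. Provision starts before and continues after this hunk.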