Fix erroneous trailing period in x509 certificates served over DNS.

6 years ago · cb6bceae5c
parent 09a88dc989
commit cb6bceae5c
1 changed files with 5 additions and 0 deletions
--- a/ncdomain/convert.go
+++ b/ncdomain/convert.go
@ -261,6 +261,11 @@ func (v *Value) appendTLSA(out []dns.RR, suffix, apexSuffix string) ([]dns.RR, e
 		_, nameNoPort := util.SplitDomainTail(suffix)
 		_, nameNoPortOrProtocol := util.SplitDomainTail(nameNoPort)

+		if !strings.HasSuffix(nameNoPortOrProtocol, ".") {
+			continue
+		}
+		nameNoPortOrProtocol = strings.TrimSuffix(nameNoPortOrProtocol, ".")
+
 		derBytes, err := certdehydrate.FillRehydratedCertTemplate(template, nameNoPortOrProtocol)
 		if err != nil {
 			// TODO: add debug output here