From cb6bceae5c9c32d7c5f890fd4d2d586a2bfa3cfd Mon Sep 17 00:00:00 2001
From: JeremyRand <biolizard89@gmail.com>
Date: Sun, 11 Feb 2018 19:54:09 +0000
Subject: [PATCH] Fix erroneous trailing period in x509 certificates served
 over DNS.

---
 ncdomain/convert.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ncdomain/convert.go b/ncdomain/convert.go
index 6f0a1ce..e66cdb8 100644
--- a/ncdomain/convert.go
+++ b/ncdomain/convert.go
@@ -261,6 +261,11 @@ func (v *Value) appendTLSA(out []dns.RR, suffix, apexSuffix string) ([]dns.RR, e
 		_, nameNoPort := util.SplitDomainTail(suffix)
 		_, nameNoPortOrProtocol := util.SplitDomainTail(nameNoPort)
 
+		if !strings.HasSuffix(nameNoPortOrProtocol, ".") {
+			continue
+		}
+		nameNoPortOrProtocol = strings.TrimSuffix(nameNoPortOrProtocol, ".")
+
 		derBytes, err := certdehydrate.FillRehydratedCertTemplate(template, nameNoPortOrProtocol)
 		if err != nil {
 			// TODO: add debug output here