cert: add ddns domain to server cert.

pymumu · pymumu · commit 4046b01eb2bf · 2025-05-09T00:41:08.000+08:00
diff --git a/src/dns_conf/ddns_domain.c b/src/dns_conf/ddns_domain.c
@@ -18,6 +18,14 @@
 
 #include "ddns_domain.h"
 #include "domain_rule.h"
+#include "smartdns/lib/stringutil.h"
+
+static char ddns_domain[DNS_MAX_CNAME_LEN] = {0};
+
+const char *dns_conf_get_ddns_domain(void)
+{
+	return ddns_domain;
+}
 
 int _config_ddns_domain(void *data, int argc, char *argv[])
 {
@@ -27,6 +35,7 @@ int _config_ddns_domain(void *data, int argc, char *argv[])
 	}
 
 	const char *domain = argv[1];
+	safe_strncpy(ddns_domain, domain, sizeof(ddns_domain));
 	_config_domain_rule_flag_set(domain, DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);
 	return 0;
 }
diff --git a/src/include/smartdns/dns_conf.h b/src/include/smartdns/dns_conf.h
@@ -786,6 +786,8 @@ const char *dns_conf_get_cache_dir(void);
 
 const char *dns_conf_get_data_dir(void);
 
+const char *dns_conf_get_ddns_domain(void);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/smartdns/util.h b/src/include/smartdns/util.h
@@ -138,7 +138,7 @@ int SSL_base64_encode(const void *in, int in_len, char *out);
 
 int generate_cert_key(const char *key_path, const char *cert_path, const char *root_key_path, const char *san, int days);
 
-int generate_cert_san(char *san, int max_san_len);
+int generate_cert_san(char *san, int max_san_len, const char *append_san);
 
 int is_cert_valid(const char *cert_file_path);
 
diff --git a/src/smartdns.c b/src/smartdns.c
@@ -382,6 +382,7 @@ static int _smartdns_create_cert(void)
 	char san[PATH_MAX] = {0};
 	/* 13 month */
 	int validity_days = 13 * 30;
+	char ddns_san[DNS_MAX_CNAME_LEN] = {0};
 
 	if (dns_conf.need_cert == 0) {
 		return 0;
@@ -409,8 +410,12 @@ static int _smartdns_create_cert(void)
 		unlink(dns_conf.bind_ca_key_file);
 		tlog(TLOG_WARN, "regenerate cert with root ca key %s", dns_conf.bind_root_ca_key_file);
 	}
+	
+	if (dns_conf_get_ddns_domain()[0] != 0) {
+		snprintf(ddns_san, sizeof(ddns_san), "DNS:%s", dns_conf_get_ddns_domain());
+	}
 
-	if (generate_cert_san(san, sizeof(san)) != 0) {
+	if (generate_cert_san(san, sizeof(san), ddns_san) != 0) {
 		tlog(TLOG_WARN, "generate cert san failed.");
 		return -1;
 	}
diff --git a/src/utils/ssl.c b/src/utils/ssl.c
@@ -94,7 +94,7 @@ int is_cert_valid(const char *cert_file_path)
 	return ret;
 }
 
-int generate_cert_san(char *san, int max_san_len)
+int generate_cert_san(char *san, int max_san_len, const char *append_san)
 {
 	char hostname[DNS_MAX_HOSTNAME_LEN];
 	char domainname[DNS_MAX_HOSTNAME_LEN];
@@ -117,11 +117,13 @@ int generate_cert_san(char *san, int max_san_len)
 	}
 	san_len += len;
 
-	len = snprintf(san + san_len, max_san_len - san_len, ",DNS:%s", "localhost");
-	if (len < 0 || len >= max_san_len - san_len) {
-		return -1;
+	if (append_san != NULL && append_san[0] != '\0') {
+		len = snprintf(san + san_len, max_san_len - san_len, ",%s", append_san);
+		if (len < 0 || len >= max_san_len - san_len) {
+			return -1;
+		}
+		san_len += len;
 	}
-	san_len += len;
 
 	/* get local domain name */
 	if (getdomainname(domainname, DNS_MAX_HOSTNAME_LEN - 1) == 0) {

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,14 @@`
`18`	`18`
`19`	`19`	`#include "ddns_domain.h"`
`20`	`20`	`#include "domain_rule.h"`
	`21`	`+#include "smartdns/lib/stringutil.h"`
	`22`	`+`
	`23`	`+static char ddns_domain[DNS_MAX_CNAME_LEN] = {0};`
	`24`	`+`
	`25`	`+const char *dns_conf_get_ddns_domain(void)`
	`26`	`+{`
	`27`	`+ return ddns_domain;`
	`28`	`+}`
`21`	`29`
`22`	`30`	`int _config_ddns_domain(void data, int argc, char argv[])`
`23`	`31`	`{`
`@@ -27,6 +35,7 @@ int _config_ddns_domain(void data, int argc, char argv[])`
`27`	`35`	`}`
`28`	`36`
`29`	`37`	`const char *domain = argv[1];`
	`38`	`+ safe_strncpy(ddns_domain, domain, sizeof(ddns_domain));`
`30`	`39`	`_config_domain_rule_flag_set(domain, DOMAIN_FLAG_SMARTDNS_DOMAIN, 0);`
`31`	`40`	`return 0;`
`32`	`41`	`}`
Original file line number	Diff line number	Diff line change
`@@ -786,6 +786,8 @@ const char *dns_conf_get_cache_dir(void);`
`786`	`786`
`787`	`787`	`const char *dns_conf_get_data_dir(void);`
`788`	`788`
	`789`	`+const char *dns_conf_get_ddns_domain(void);`
	`790`	`+`
`789`	`791`	`#ifdef __cplusplus`
`790`	`792`	`}`
`791`	`793`	`#endif`
Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,7 @@ int is_cert_valid(const char *cert_file_path)`
`94`	`94`	`return ret;`
`95`	`95`	`}`
`96`	`96`
`97`		`-int generate_cert_san(char *san, int max_san_len)`
	`97`	`+int generate_cert_san(char san, int max_san_len, const char append_san)`
`98`	`98`	`{`
`99`	`99`	`char hostname[DNS_MAX_HOSTNAME_LEN];`
`100`	`100`	`char domainname[DNS_MAX_HOSTNAME_LEN];`
`@@ -117,11 +117,13 @@ int generate_cert_san(char *san, int max_san_len)`
`117`	`117`	`}`
`118`	`118`	`san_len += len;`
`119`	`119`
`120`		`- len = snprintf(san + san_len, max_san_len - san_len, ",DNS:%s", "localhost");`
`121`		`- if (len < 0 \|\| len >= max_san_len - san_len) {`
`122`		`- return -1;`
	`120`	`+ if (append_san != NULL && append_san[0] != '\0') {`
	`121`	`+ len = snprintf(san + san_len, max_san_len - san_len, ",%s", append_san);`
	`122`	`+ if (len < 0 \|\| len >= max_san_len - san_len) {`
	`123`	`+ return -1;`
	`124`	`+ }`
	`125`	`+ san_len += len;`
`123`	`126`	`}`
`124`		`- san_len += len;`
`125`	`127`
`126`	`128`	`/* get local domain name */`
`127`	`129`	`if (getdomainname(domainname, DNS_MAX_HOSTNAME_LEN - 1) == 0) {`