fix(command): do not override subject and san of certificate when loa…

…ding configuration from file Signed-off-by: Florentin Dubois <[email protected]>
sozu-proxy · May 29, 2024 · a7eded1 · a7eded1
1 parent 34d8b93
commit a7eded1
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/command/src/config.rs b/command/src/config.rs
@@ -919,7 +919,10 @@ impl HttpFrontendConfig {
                         certificate: self.certificate.clone().unwrap(),
                         certificate_chain: self.certificate_chain.clone().unwrap_or_default(),
                         versions: self.tls_versions.iter().map(|v| *v as i32).collect(),
-                        names: vec![self.hostname.clone()],
+                        // This field is used to override the certificate subject and san, we should not set when loading 
+                        // the configuration it, as we may provide a wildcard certificate for a specific domain, and it 
+                        // will reject legit traffic for others domains.
+                        names: vec![],
                     },
                     expired_at: None,
                 })