From de0da04dd98245213ce470657fe5d604cf283136 Mon Sep 17 00:00:00 2001
From: Florentin Dubois
Date: Wed, 29 May 2024 13:58:28 +0200
Subject: [PATCH] fix(command): do not override subject and san of certificate when loading configuration from file
Signed-off-by: Florentin Dubois
---
 command/src/config.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/command/src/config.rs b/command/src/config.rs
index 346f418b8..8e75a73ba 100644
--- a/command/src/config.rs
+++ b/command/src/config.rs
@@ -919,7 +919,11 @@ impl HttpFrontendConfig {
 certificate: self.certificate.clone().unwrap(),
 certificate_chain: self.certificate_chain.clone().unwrap_or_default(),
 versions: self.tls_versions.iter().map(|v| *v as i32).collect(),
- names: vec![self.hostname.clone()],
+ // This field is used to override the certificate subject and san, we should not set it when
+ // loading the configuration, as we may provide a wildcard certificate for a specific domain.
+ // As a result, we will reject legit traffic for others domains as the certificate resolver will
+ // not load twice the same certificate and then do not register the certificate for others domains.
+ names: vec![],
 },
 expired_at: None,
 })
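Review bot: With `names: vec![]` nothing visible in this hunk checks that the loaded certificate actually covers `self.hostname`. A frontend whose certificate subject/SAN does not match its hostname now loads without complaint, and the mismatch presumably only shows up later as a failed or wrongly-resolved TLS handshake. Consider validating at configuration load that at least one subject/SAN entry, wildcards included, matches `self.hostname`, and returning a config error or logging a warning otherwise. A regression test with two frontends sharing one wildcard certificate would pin the behaviour this commit fixes. The added comment would also read more clearly as `// Leave names empty so the resolver derives them from the certificate's subject and SANs;` followed by `// forcing the hostname here would bind a shared (e.g. wildcard) certificate to a single domain.` The enclosing method of `impl HttpFrontendConfig` starts and ends outside the hunk, so such a check may already exist there.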