shithub: tlssrv.sni

--- a/README

+++ b/README

@@ -25,4 +25,44 @@

 key proto=rsa size=2048 ek=10001 n=BEF7549C333817BBE366CD58B2A60D3D2E3C1924ADF9E9B6BDB7FB74B5FF0CF1FF5A4D7A6F7202B7155D854396E925ADEAAF27AF8A118E0360470D6FD01BBF710051B02A53ECBFA8A8BB0FADCD4C7E320296CC6E82DE71B3B9D0378B982DB0359E4C8FD2AF9CB9BC3B6CBC0931E6638F74E716AA7B7AAF9E0873DDA676073B9C4F499EE57D96BAD2C2FB156CC25C289EAAC962CE785C82D2CFD78CC2A493B0965224EAFE94AB0A14441EF0CE4BBC0BF1E4034CAD051131A08120221F56E7000CAAF2244D5B111F7764CF04BE1A4BC866721FC4F8C9BD35F4EB71BFF33982F7BEAB3246794610666896C01D572D674E9A27B2CBD2D2D9311DAD675BAF230B82BF subject=mux.9lab.org

 Sample code that shows how to extract the domain from the

-subject can be found in /sys/src/cmd/auth/acmed.c:/^getcert

\ No newline at end of file

+subject can be found in /sys/src/cmd/auth/acmed.c:/^getcert

+static void

+getcert(char *csrpath)

+{

+	char *csr, *dom[64], subj[2048];

+	uchar *der;

+	int nder, ndom, fd;

+	RSApub *rsa;

+	Hdr loc = { "location" };

+	JSON *o;

+	if((fd = open(csrpath, OREAD|OCEXEC)) == -1)

+		sysfatal("open %s: %r", csrpath);

+	if((der = slurp(fd, &nder)) == nil)

+		sysfatal("read %s: %r", csrpath);

+	close(fd);

+	if((rsa = X509reqtoRSApub(der, nder, subj, sizeof(subj))) == nil)

+		sysfatal("decode csr: %r");

+	rsapubfree(rsa);

+	if((csr = encurl64(der, nder)) == nil)

+		sysfatal("encode %s: %r", csrpath);

+	free(der);

+	dprint("subject: %s\n", subj);

+	if((ndom = getfields(subj, dom, nelem(dom), 1, ", ")) == nelem(dom))

+		sysfatal("too man domains");

+	if((o = submitorder(dom, ndom, &loc)) == nil)

+		sysfatal("order: %r");

+	if(dochallenges(dom, ndom, o) == -1)

+		sysfatal("challenge: %r");

+	if(submitcsr(o, csr) == -1)

+		sysfatal("signing cert: %r");

+	if(fetchcert(loc.val) == -1)

+		sysfatal("saving cert: %r");

+	free(csr);

+}

\ No newline at end of file