support otherName SAN entries for domain verification (fixes #356)

diff --git a/dehydrated b/dehydrated
index f66e54d169217cc3bd8b2d3d9287737bf54acb71..84adfe381350c429cfa862e6d8dcbf6e6e337814 100755 (executable)
--- a/dehydrated
+++ b/dehydrated
@@ -484,11 +484,11 @@ extract_altnames() {
     # shellcheck disable=SC1003
     altnames="$( <<<"${altnames}" _sed -e 's/^[[:space:]]*//; s/, /\'$'\n''/g' )"
     # we can only get DNS: ones signed
-    if grep -qv '^DNS:' <<<"${altnames}"; then
+    if grep -qEv '^(DNS|othername):' <<<"${altnames}"; then
       _exiterr "Certificate signing request contains non-DNS Subject Alternative Names"
     fi
     # strip away the DNS: prefix
-    altnames="$( <<<"${altnames}" _sed -e 's/^DNS://' )"
+    altnames="$( <<<"${altnames}" _sed -e 's/^(DNS:|othername:<unsupported>)//' )"
     echo "${altnames}"
 
   else