From 45f5c17260a7a76a392f11c8a4c762c355476ba0 Mon Sep 17 00:00:00 2001 From: Lukas Schauer Date: Fri, 2 Feb 2018 23:47:29 +0100 Subject: [PATCH] fixed altname extraction of csr with wildcard domains, moved altname extraction from sign_csr to command_sign_csr --- dehydrated | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/dehydrated b/dehydrated index 0cafad8..6ee7dc1 100755 --- a/dehydrated +++ b/dehydrated @@ -576,8 +576,7 @@ extract_altnames() { fi # strip away the DNS: prefix altnames="$( <<<"${altnames}" _sed -e 's/^(DNS:|othername:)//' )" - echo "${altnames}" - + echo "${altnames}" | tr '\n' ' ' else # No SANs, extract CN altnames="$( <<<"${reqtext}" grep '^[[:space:]]*Subject:' | _sed -e 's/.* CN ?= ?([^ /,]*).*/\1/' )" @@ -596,11 +595,7 @@ sign_csr() { fi shift 1 || true - altnames="${*:-}" - if [ -z "${altnames}" ]; then - altnames="$( extract_altnames "${csr}" )" - fi - export altnames + export altnames="${*}" if [[ ${API} -eq 1 ]]; then if [[ -z "${CA_NEW_AUTHZ}" ]] || [[ -z "${CA_NEW_CERT}" ]]; then @@ -937,7 +932,7 @@ sign_domain() { crt_path="${certdir}/cert-${timestamp}.pem" # shellcheck disable=SC2086 - sign_csr "$(< "${certdir}/cert-${timestamp}.csr" )" ${altnames} 3>"${crt_path}" + sign_csr "$(< "${certdir}/cert-${timestamp}.csr")" ${altnames} 3>"${crt_path}" # Create fullchain.pem echo " + Creating fullchain.pem..." @@ -1253,14 +1248,19 @@ command_sign_csr() { init_system + # load csr csrfile="${1}" if [ ! -r "${csrfile}" ]; then _exiterr "Could not read certificate signing request ${csrfile}" fi + csr="$(cat "${csrfile}")" + + # extract names + altnames="$(extract_altnames "${csr}")" # gen cert certfile="$(_mktemp)" - sign_csr "$(< "${csrfile}" )" 3> "${certfile}" + sign_csr "${csr}" ${altnames} 3> "${certfile}" # print cert echo "# CERT #" >&3 -- 2.47.2
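Review bot: The names printed by `echo "${altnames}" | tr '\n' ' '` in extract_altnames come straight from the CSR, and `echo` treats a value such as `-n` or `-e` as an option rather than data. `printf '%s\n' "${altnames}" | tr '\n' ' '` avoids that. The output is now a single space-separated line with a trailing space and no final newline, and callers depend on that shape for word splitting, so a comment such as `# one line, space-separated: callers word-split this` above the line would record the contract. The CN fallback in the else branch continues outside the hunk, so whether it emits the same format cannot be checked from here.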
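Review bot: `export altnames="${*}"` in sign_csr leaves `altnames` empty when the function is called with only a CSR, and nothing in the visible lines rejects that now that the fallback to extract_altnames is removed. A guard directly after the assignment would make the new contract explicit, for example `[[ -n "${altnames}" ]] || _exiterr "sign_csr: no names given"`. Because the names are no longer derived from the CSR inside this function, a caller passing names that differ from the CSR's would go unnoticed here; a comment stating that callers must pass the CSR's own names would help. The rest of sign_csr lies outside the hunk.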
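Review bot: In command_sign_csr the new call `sign_csr "${csr}" ${altnames} 3> "${certfile}"` expands `${altnames}` unquoted, so a wildcard name taken from the CSR (`*.example.com`) is subject to pathname expansion as well as word splitting. Unless globbing is disabled elsewhere in the script, a matching file in the working directory would replace the name that gets passed on. Splitting without globbing avoids this: `IFS=' ' read -r -a names <<<"${altnames}"` followed by `sign_csr "${csr}" "${names[@]}" 3> "${certfile}"`. The sign_domain call in the previous hunk has the same unquoted expansion, and there it carries a `# shellcheck disable=SC2086` marker that this line lacks. The function body starts before and continues past the hunk.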