fix:more domain ssl

#461
2025-12-06 14:59:18 +08:00 · 2025-09-28 16:27:33 +08:00
parent 16c3a8129d
commit 64eb7c6ead
2 changed files with 45 additions and 3 deletions
--- a/wafenginecore/hostssl.go
+++ b/wafenginecore/hostssl.go
@@ -81,15 +81,33 @@ func (ac *AllCertificate) RemoveSSL(domain string) error {
 	return nil
 }

-// GetSSL 加载证书
+// GetSSL 加载证书 - 支持通配符域名匹配
 func (ac *AllCertificate) GetSSL(domain string) *tls.Certificate {
 	ac.Mux.Lock()
 	defer ac.Mux.Unlock()
 	domain = strings.ToLower(domain)
+
+	// 首先尝试精确匹配
 	certificate, ok := ac.Map[domain]
-	if ok {
+	if ok && certificate != nil {
 		return certificate
 	}
+
+	// 如果精确匹配失败，尝试通配符匹配
+	// 例如：ssl1.samwaf.com 匹配 *.samwaf.com
+	domainParts := strings.Split(domain, ".")
+	if len(domainParts) >= 2 {
+		// 构造通配符域名，从最具体的开始匹配
+		for i := 0; i < len(domainParts)-1; i++ {
+			// 构造通配符域名
+			wildcardDomain := "*." + strings.Join(domainParts[i+1:], ".")
+			certificate, ok := ac.Map[wildcardDomain]
+			if ok && certificate != nil {
+				return certificate
+			}
+		}
+	}
+
 	return nil
 }

@@ -100,5 +118,5 @@ func (waf *WafEngine) GetCertificateFunc(clientInfo *tls.ClientHelloInfo) (*tls.
 	if x509Cert != nil {
 		return x509Cert, nil
 	}
-	return nil, errors.New("config error")
+	return nil, errors.New("certificate not found for domain: " + clientInfo.ServerName)
 }
--- a/wafenginecore/wafworker.go
+++ b/wafenginecore/wafworker.go
@@ -37,7 +37,19 @@ func (waf *WafEngine) LoadHost(inHost model.Hosts) []innerbean.ServerRunTime {

 	//检测https
 	if inHost.Ssl == 1 {
+		// 为主域名加载证书
 		waf.AllCertificate.LoadSSL(inHost.Host, inHost.Certfile, inHost.Keyfile)
+
+		// 为绑定的多个域名也加载相同的证书
+		if inHost.BindMoreHost != "" {
+			lines := strings.Split(inHost.BindMoreHost, "\n")
+			for _, line := range lines {
+				line = strings.TrimSpace(line)
+				if line != "" {
+					waf.AllCertificate.LoadSSL(line, inHost.Certfile, inHost.Keyfile)
+				}
+			}
+		}
 	}
 	if inHost.GLOBAL_HOST == 1 {
 		global.GWAF_GLOBAL_HOST_CODE = inHost.Code
@@ -317,6 +329,18 @@ func (waf *WafEngine) RemoveHost(host model.Hosts) {
 	delete(waf.HostTarget, host.Host+":"+strconv.Itoa(host.Port))
 	//c.移除某个端口下的证书数据
 	waf.AllCertificate.RemoveSSL(host.Host)
+
+	// 移除绑定的多个域名的证书
+	if host.BindMoreHost != "" {
+		lines := strings.Split(host.BindMoreHost, "\n")
+		for _, line := range lines {
+			line = strings.TrimSpace(line)
+			if line != "" {
+				waf.AllCertificate.RemoveSSL(line)
+			}
+		}
+	}
+
 	//d.删除更多内容里面域名信息
 	for moreHost, hostCode := range waf.HostTargetMoreDomain {
 		if hostCode == host.Code {