Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: send current certificate SNIs with updates
When decK must update a certificate, retrieve the current certificate's set of SNIs, convert them to strings, and set these on the updated certificate. Certificate and SNI objects have a special relationship. A PUT request (which we use for updates) with a certificate that contains no SNI children will in fact delete any existing SNI objects associated with that certificate, rather than leaving them as-is. Because decK considers SNIs separate objects and strips SNI child objects from certificate objects, updates to other certificate fields will PUT a certificate with no SNIs and inadvertently delete existing SNIs. Not stripping SNIs from certificate objects in general presents its own issues, as decK will attempt to operate on both objects and generate conflicts. To work around these issues, this change sets SNIs on certificates ONLY during update requests using the current certificate's SNI list. If there are changes to the SNIs, subsequent actions on the SNI objects will handle those. Fix #356
- Loading branch information