From 24cf47dde05dc0fc9c91317a90f1d6f7c9950508 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Sun, 12 Mar 2017 17:42:03 -0700
Subject: [PATCH] Completed webmin per-domain cert support

---
 miniserv.pl | 12 ++++++++++++
 usermin/CHANGELOG | 2 ++
 usermin/save_ipkey.cgi | 3 ++-
 webmin/CHANGELOG | 1 +
 webmin/save_ipkey.cgi | 3 ++-
 5 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/miniserv.pl b/miniserv.pl
index e964bdfc2..acce8b676 100755
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -272,6 +272,18 @@ if ($use_ssl) {
 $ssl_contexts{$ip} = $ctx;
 }
 }
+
+ # Setup per-hostname SSL contexts on the main IP
+ Net::SSLeay::CTX_set_tlsext_servername_callback($ssl_contexts{"*"},
+ sub {
+ my $ssl = shift;
+ my $h = Net::SSLeay::get_servername($ssl);
+ my $c = $ssl_contexts{$h} ||
+ $h =~ /^[^\.]+\.(.*)$/ && $ssl_contexts{"*.$1"};
+ if ($c) {
+ Net::SSLeay::set_SSL_CTX($ssl, $c);
+ }
+ });
 }
 
 # Load gzip library if enabled
diff --git a/usermin/CHANGELOG b/usermin/CHANGELOG
index 209d16583..6561c2e5c 100644
--- a/usermin/CHANGELOG
+++ b/usermin/CHANGELOG
@@ -53,3 +53,5 @@ Updated the SSL Encryption page to have the same UI and features as Webmin.
 Added a button to copy the SSL certificate and other settings from Webmin.
 ---- Changes since 1.770 ----
 Converted all pages to use the new Webmin UI library, for a more consistent and themeable experience.
+---- Changes since 1.830 ----
+Per-domain-name SSL certificates can now be created as well as per-IP, allowing for multiple certs to exist on the same IP address.
diff --git a/usermin/save_ipkey.cgi b/usermin/save_ipkey.cgi
index e37c01a1a..258f5bd58 100755
--- a/usermin/save_ipkey.cgi
+++ b/usermin/save_ipkey.cgi
@@ -22,7 +22,8 @@ else {
 @ips = split(/\s+/, $in{'ips'});
 foreach $i (@ips) {
 &check_ipaddress($i) || &check_ip6address($i) ||
- &to_ipaddress($i) || &error(&text('ipkey_eip2', $i));
+ $i =~ /^(\*\.)?[a-z0-9\.\_\-]+$/i ||
+ &error(&text('ipkey_eip2', $i));
 }
 @ips || &error(&text('ipkey_eips'));
 $ipkey->{'ips'} = \@ips;
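Review bot: The SNI callback in miniserv.pl uses the result of `Net::SSLeay::get_servername($ssl)` unchecked, so a client that sends no server name leaves `$h` undefined and both the `$ssl_contexts{$h}` lookup and the `$h =~` match run on undef; an early `return if (!defined($h) || $h eq "");` before the lookup would cover that path. The lookup is also exact-case, while host names compare case-insensitively and the save_ipkey.cgi check in this same patch accepts mixed case (`/i`), so normalising with `$h = lc($h);` avoids silently falling back to the default certificate; the keys would need lowercasing where %ssl_contexts is filled, which is outside this hunk. The call is made unconditionally, so if an installed Net::SSLeay lacks this function miniserv would presumably fail at startup; wrapping it in `if (defined(&Net::SSLeay::CTX_set_tlsext_servername_callback)) {` would keep older installs working without per-host certs. The enclosing `if ($use_ssl)` block starts before the hunk.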
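Review bot: The new host-name pattern in usermin/save_ipkey.cgi also matches strings made only of digits and dots, so a mistyped IPv4 address that fails `&check_ipaddress($i)` is now accepted as a name instead of reaching `&error(&text('ipkey_eip2', $i))`. Excluding that case on the same line, `$i =~ /^(\*\.)?[a-z0-9\.\_\-]+$/i && $i !~ /^[0-9\.]+$/ ||`, restores the typo check; the pattern still admits values such as a bare `.` or a leading `-`, which a per-label pattern would reject. Storing `lc($i)` in `@ips` would also keep the saved names consistent with a case-insensitive lookup. The identical hunk in webmin/save_ipkey.cgi needs the same change, and the `else {` block both hunks sit in starts outside them.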
diff --git a/webmin/CHANGELOG b/webmin/CHANGELOG
index 2f8c099c2..51a57e94f 100644
--- a/webmin/CHANGELOG
+++ b/webmin/CHANGELOG
@@ -139,3 +139,4 @@ The Let's Encrypt key size can now be customized.
 When Perfect Forward Secrecy ciphers are selected, the required DH params file is now created and used by Webmin.
 ---- Changes since 1.830 ----
 Added DNS validation support for Let's Encrypt certificate requests, for use when a system is hosting the DNS zone that you want to request a cert for.
+Per-domain-name SSL certificates can now be created as well as per-IP, allowing for multiple certs to exist on the same IP address.
diff --git a/webmin/save_ipkey.cgi b/webmin/save_ipkey.cgi
index 7affb0e22..89acb618f 100755
--- a/webmin/save_ipkey.cgi
+++ b/webmin/save_ipkey.cgi
@@ -22,7 +22,8 @@ else {
 @ips = split(/\s+/, $in{'ips'});
 foreach $i (@ips) {
 &check_ipaddress($i) || &check_ip6address($i) ||
- &to_ipaddress($i) || &error(&text('ipkey_eip2', $i));
+ $i =~ /^(\*\.)?[a-z0-9\.\_\-]+$/i ||
+ &error(&text('ipkey_eip2', $i));
 }
 @ips || &error(&text('ipkey_eips'));
 $ipkey->{'ips'} = \@ips;