Enable unique cert verification in testnet

filecoin-saturn · Nov 21, 2023 · d6c369a · d6c369a
1 parent 6af8be7
commit d6c369a
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/container/shim/src/modules/registration.js b/container/shim/src/modules/registration.js
@@ -202,9 +202,19 @@ async function checkCertValidity(certBuffer, registerOptions, preregisterRespons
     }
   }
 
-  if (NETWORK === "test" && cert.subjectAltName && !cert.subjectAltName.includes("l1s.saturn-test.ms")) {
-    debug("Certificate is missing l1s.saturn-test.ms SAN, getting a new one...");
-    valid = false;
+  if (NETWORK === "test" && cert.subjectAltName) {
+    if (!cert.subjectAltName.includes("l1s.saturn-test.ms")) {
+      debug("Certificate is missing l1s.saturn-test.ms SAN, getting a new one...");
+      valid = false;
+    }
+
+    const subdomain = preregisterResponse?.ip?.replace(/\./g, "-");
+    const targetSAN = subdomain ? `${subdomain}.l1s.saturn-test.ms` : ".l1s.saturn-test.ms";
+
+    if (!cert.subjectAltName.includes(targetSAN)) {
+      debug(`Certificate is missing ${targetSAN} unique SAN, getting a new one...`);
+      valid = false;
+    }
   }
 
   if (!valid) {