From 2e7b2de7573c3339c42925820ff0660c5a4a880c Mon Sep 17 00:00:00 2001
From: David Dollar <david@convox.com>
Date: Mon, 13 Jan 2020 09:04:23 -0500
Subject: [PATCH] router: refuse to generate certificates for unknown hosts
 (#68)

---
 pkg/router/router.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/router/router.go b/pkg/router/router.go
index d134220..5db8781 100644
--- a/pkg/router/router.go
+++ b/pkg/router/router.go
@@ -238,6 +238,14 @@ func (r *Router) generateCertificateAutocert(m *autocert.Manager) func(*tls.Clie
 			return common.CertificateSelfSigned("convox")
 		}
 
+		ts, err := r.storage.TargetList(hello.ServerName)
+		if err != nil {
+			return nil, err
+		}
+		if len(ts) == 0 {
+			return nil, fmt.Errorf("unknown host")
+		}
+
 		c, err := m.GetCertificate(hello)
 		if err != nil {
 			fmt.Printf("err: %+v\n", err)