From be9efe0273d9019e0c561c7f9996db11f45c17fc Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Sun, 29 Nov 2015 14:04:37 +0000
Subject: [PATCH] ensure malformed ssl certificate can't cause it to be written
 to an arbitrary path

---
 management/ssl_certificates.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py
index f9b0855f..0365251c 100644
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -2,7 +2,7 @@
 
 import os, os.path, re, shutil
 
-from utils import shell
+from utils import shell, safe_domain_name
 
 def get_ssl_certificates(env):
 	# Scan all of the installed SSL certificates and map every domain
@@ -170,7 +170,7 @@ def install_cert(domain, ssl_cert, ssl_chain, env):
 	cert = load_pem(load_cert_chain(fn)[0])
 	all_domains, cn = get_certificate_domains(cert)
 	path = "%s-%s-%s.pem" % (
-		cn, # common name
+		safe_domain_name(cn), # common name, which should be filename safe because it is IDNA-encoded, but in case of a malformed cert make sure it's ok to use as a filename
 		cert.not_valid_after.date().isoformat().replace("-", ""), # expiration date
 		hexlify(cert.fingerprint(hashes.SHA256())).decode("ascii")[0:8], # fingerprint prefix
 		)