From 0e02f7e258b86b12faa8636b8c8538539c0cad67 Mon Sep 17 00:00:00 2001
From: Konstantin Lebedev
Date: Wed, 10 Mar 2021 12:42:44 +0500
Subject: [PATCH] comma-separated SSL certificate common names
---
 docker/compose/tls.env | 8 ++++----
 weed/security/tls.go | 3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/docker/compose/tls.env b/docker/compose/tls.env
index 220642919..126b48e47 100644
--- a/docker/compose/tls.env
+++ b/docker/compose/tls.env
@@ -7,7 +7,7 @@ WEED_GRPC_FILER_CERT=/etc/seaweedfs/tls/filer01.crt
 WEED_GRPC_FILER_KEY=/etc/seaweedfs/tls/filer01.key
 WEED_GRPC_CLIENT_CERT=/etc/seaweedfs/tls/client01.crt
 WEED_GRPC_CLIENT_KEY=/etc/seaweedfs/tls/client01.key
-WEED_GRPC_MASTER_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
-WEED_GRPC_VOLUME_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
-WEED_GRPC_FILER_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
-WEED_GRPC_CLIENT_ALLOWED_COMMONNAMES="volume01 master01 filer01 client01"
\ No newline at end of file
+WEED_GRPC_MASTER_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
+WEED_GRPC_VOLUME_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
+WEED_GRPC_FILER_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
+WEED_GRPC_CLIENT_ALLOWED_COMMONNAMES="volume01,master01,filer01,client01"
\ No newline at end of file
diff --git a/weed/security/tls.go b/weed/security/tls.go
index b38745fbf..2550559bc 100644
--- a/weed/security/tls.go
+++ b/weed/security/tls.go
@@ -10,6 +10,7 @@ import (
 "google.golang.org/grpc/peer"
 "google.golang.org/grpc/status"
 "io/ioutil"
+ "strings"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
@@ -48,7 +49,7 @@ func LoadServerTLS(config *util.ViperProxy, component string) (grpc.ServerOption
 ClientAuth: tls.RequireAndVerifyClientCert,
 })
- permitCommonNames := config.GetStringSlice(component + ".allowed_commonNames")
+ permitCommonNames := strings.Split(config.GetString(component+".allowed_commonNames"), ",")
 if len(permitCommonNames) > 0 {
 permitCommonNamesMap := make(map[string]bool)
 for _, s := range permitCommonNames {
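Review bot: `strings.Split` returns `[""]` for an empty string, so when `allowed_commonNames` is unset the `len(permitCommonNames) > 0` guard on the next line is now always true and the allow-list is built with a single empty entry. The old `GetStringSlice` call yielded an empty slice in that case, so deployments that never set the option change behaviour; how the peer check treats the `""` key is outside this hunk (the body of `LoadServerTLS` continues past it), but presumably it either rejects every client or accepts only a certificate with an empty common name. Dropping empty fields keeps the guard meaningful: `permitCommonNames := strings.FieldsFunc(config.GetString(component+".allowed_commonNames"), func(r rune) bool { return r == ',' })`. Entries are also not trimmed, so `"volume01, master01"` yields `" master01"`, and an existing space-separated value becomes one entry that matches no certificate; a `strings.TrimSpace` where the map is filled, plus an upgrade note about the separator change, would cover both.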