Add wildcard certificate storage to the file backend.

Review Request #13266 — Created Sept. 7, 2023 and submitted


Review Board


This updates the file backend to allow wildcard certificates to be
stored and fetched, and to use them as a fallback if a specific
certificate cannot be found.

Normal certs are now stored in the form of {hostname}__{port}.{ext},
and wildcard certs are stored as __.{hostname}__{port}.{ext}. This
avoids issues with naming a file with a wildcard, and _ is not a valid
character in domains so it's safe to use.

Wildcards are only permitted as the first character in the name.

When fetching a certificate, the backend checks first for an an exact
hostname match. If not found, it checks for a wildcard certificate. The
resulting Certificate object will use the specific hostname, but will
refer to the wildcard storage ID.

Wildcards are not supported nor needed for CA bundles and fingerprints.

There's also no special handling of certificates that list multiple
domains without using wildcards. In this case, administrators should
upload the cert for each hostname they need individually. We don't
expect this will come up much in real usage.

All unit tests pass.

Add wildcard certificate storage to the file backend.
Description From Last Updated

line too long (80 > 79 characters) Column: 80 Error code: E501

Checks run (1 failed, 1 succeeded)
flake8 failed.
JSHint passed.


  1. Ship It!
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-6.x (f5957b2)