From f0ce4576e18d39e6162e2cf2532b21e206bd9170 Mon Sep 17 00:00:00 2001
From: adnano
Date: Sun, 27 Sep 2020 14:22:41 -0400
Subject: [PATCH] Handle multiple DNS names
Each DNS name gets its own entry in the known hosts file
---
 tofu.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/tofu.go b/tofu.go
index 8052a35..bdda919 100644
--- a/tofu.go
+++ b/tofu.go
@@ -61,11 +61,14 @@ func (k *KnownHosts) LoadFrom(path string) error {
 // Add adds a certificate to the list of known hosts.
 // If KnownHosts was loaded from a file, Add will append to the file.
 func (k *KnownHosts) Add(cert *x509.Certificate) {
- host := NewKnownHost(cert)
- k.hosts = append(k.hosts, host)
- // Append to the file
- if k.file != nil {
- host.Write(k.file)
+ // Add an entry per hostname
+ for _, name := range cert.DNSNames {
+ host := NewKnownHost(name, cert)
+ k.hosts = append(k.hosts, host)
+ // Append to the file
+ if k.file != nil {
+ host.Write(k.file)
+ }
 }
 }
@@ -140,10 +143,10 @@ type KnownHost struct {
 Expires int64 // unix time of certificate notAfter date
 }
-// NewKnownHost creates a new known host from a certificate.
-func NewKnownHost(cert *x509.Certificate) KnownHost {
+// NewKnownHost creates a new known host from a hostname and a certificate.
+func NewKnownHost(hostname string, cert *x509.Certificate) KnownHost {
 return KnownHost{
- Hostname: cert.Subject.CommonName,
+ Hostname: hostname,
 Algorithm: "SHA-512",
 Fingerprint: Fingerprint(cert),
 Expires: cert.NotAfter.Unix(),
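Review bot: A certificate with no Subject Alternative Names now produces no known-host entry at all, because the loop at the top of the new Add body ranges only over `cert.DNSNames`; before this change such a certificate was pinned under `cert.Subject.CommonName`, so for CN-only self-signed certificates the TOFU store silently gains nothing and a later connection has no stored fingerprint to check against. Falling back to the CN keeps the old behaviour for that case: `names := cert.DNSNames`, `if len(names) == 0 && cert.Subject.CommonName != "" { names = []string{cert.Subject.CommonName} }`, then `for _, name := range names {`. IP SANs (`cert.IPAddresses`) are likewise never recorded, and the return value of `host.Write(k.file)` is still discarded, so a failed append leaves the in-memory list and the file out of step (both pre-existing rather than introduced here). Wildcard SANs such as `*.example.com` are stored verbatim; whether the lookup side matches them is outside this hunk.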
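Review bot: The new `hostname` parameter of NewKnownHost is stored verbatim in the `Hostname` field with no normalisation, so an entry created from a SAN spelled `Example.COM` or `example.com.` (trailing dot) will not match a later lookup for `example.com` unless the comparison elsewhere folds case and trims the dot, which this hunk does not show. DNS names in certificates are case-insensitive, so normalising at construction is the cheapest safeguard if lookup does not already do it: `Hostname: strings.ToLower(strings.TrimSuffix(hostname, ".")),` (with `strings` imported if it is not already). The doc comment could also say where the name is expected to come from, e.g. `// NewKnownHost creates a new known host for hostname, normally one of cert's DNS names, from a certificate.`. The return statement of NewKnownHost continues past the end of this hunk.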