From 27265df6671568a0873df4f666cc77ac1a8dba66 Mon Sep 17 00:00:00 2001 From: atisne Date: Fri, 18 Dec 2020 10:28:58 +0100 Subject: [PATCH] Wrong SANS when domain contains a minus character A regexp to extract 'Subject Alternative Name' doesn't work when the domain use a minus character. For grep regexp, to lose its special meaning inside brackets, the minus character must be placed in the first or last position in the list. https://www.gnu.org/software/grep/manual/grep.html#Character-Classes-and-Bracket-Expressions
---
 getssl | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/getssl b/getssl
index f509060..0caa2a4 100755
--- a/getssl
+++ b/getssl
@@ -2578,11 +2578,10 @@ if [[ ${_CREATE_CONFIG} -eq 1 ]]; then
 | openssl x509 2>/dev/null)
 EX_SANS="www.${DOMAIN##\*.}"
 if [[ -n "${EX_CERT}" ]]; then
- # Putting this inside the EX_SANS line below doesn't work on Centos7
 escaped_d=${DOMAIN/\*/\\\*}
 EX_SANS=$(echo "$EX_CERT" \
 | openssl x509 -noout -text 2>/dev/null| grep "Subject Alternative Name" -A2 \
- | grep -Eo "DNS:[a-zA-Z 0-9.-\*]*" | sed "s@DNS:${escaped_d}@@g" | grep -v '^$' | cut -c 5-)
+ | grep -Eo "DNS:[a-zA-Z 0-9.\*-]*" | sed "s@DNS:${escaped_d}@@g" | grep -v '^$' | cut -c 5-)
 EX_SANS=${EX_SANS//$'\n'/','}
 fi
 if [[ -n "${EX_SANS}" ]]; then
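Review bot: The `sed "s@DNS:${escaped_d}@@g"` stage on the changed line still removes the primary domain by an unanchored regex match, so with a constructed DOMAIN of `example.com` an existing SAN `DNS:example.community` is reduced to `munity` and then to `ty` by `cut -c 5-`, and the unescaped dots in the domain match any character. EX_SANS appears to feed the generated config, so a mangled entry here would end up among the names requested for the certificate. Dropping the domain by exact fixed-string line match avoids both problems and makes `escaped_d` unnecessary: replace the `sed … | grep -v '^$' | cut -c 5-` stages with `| cut -c 5- | grep -vxF -- "${DOMAIN}")`. Inside a bracket expression the backslash is literal, so `\*` also admits `\` into the class and a bare `*` is enough. The enclosing `if [[ ${_CREATE_CONFIG} -eq 1 ]]` block starts and ends outside this hunk.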