From 4e7fb80bcd4ebb2702e74d0fa95b003967abda72 Mon Sep 17 00:00:00 2001
From: Lukas Schauer <lukas@schauer.so>
Date: Tue, 11 Jul 2017 00:35:51 +0200
Subject: [PATCH] support otherName SAN entries for domain verification (fixes
 #356)

---
 dehydrated | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dehydrated b/dehydrated
index f66e54d..84adfe3 100755
--- a/dehydrated
+++ b/dehydrated
@@ -484,11 +484,11 @@ extract_altnames() {
     # shellcheck disable=SC1003
     altnames="$( <<<"${altnames}" _sed -e 's/^[[:space:]]*//; s/, /\'$'\n''/g' )"
     # we can only get DNS: ones signed
-    if grep -qv '^DNS:' <<<"${altnames}"; then
+    if grep -qEv '^(DNS|othername):' <<<"${altnames}"; then
       _exiterr "Certificate signing request contains non-DNS Subject Alternative Names"
     fi
     # strip away the DNS: prefix
-    altnames="$( <<<"${altnames}" _sed -e 's/^DNS://' )"
+    altnames="$( <<<"${altnames}" _sed -e 's/^(DNS:|othername:<unsupported>)//' )"
     echo "${altnames}"
 
   else