From 3994c7fd5ce484850cdf2385c0a0d3811dfbc5ab Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sat, 2 Nov 2019 20:54:09 -0600
Subject: [PATCH] output invalid and unknown sni

---
 package.json | 2 +-
 sni.js | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 751e35d..4901f29 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@root/greenlock-express",
- "version": "3.0.16",
+ "version": "3.0.17",
 "description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
 "main": "greenlock-express.js",
 "homepage": "https://greenlock.domains",
diff --git a/sni.js b/sni.js
index ea79728..b8d6eb7 100644
--- a/sni.js
+++ b/sni.js
@@ -60,9 +60,20 @@ sni.create = function(greenlock, secureOpts) {
 cb(null, secureContext);
 return;
 }
+
 // Note: this does not replace tlsSocket.setSecureContext()
 // as it only works when SNI has been sent
 //console.log("debug sni got default context", servername, getCachedMeta(servername));
+ if (!/PROD/.test(process.env.ENV) || /DEV|STAG/.test(process.env.ENV)) {
+ // Change this once
+ // A) the 'notify' message passing is verified fixed in cluster mode
+ // B) we have a good way to let people know their server isn't configured
+ console.debug("debug: ignoring servername " + JSON.stringify(servername));
+ console.debug(" (it's probably either missing from your config, or a bot)");
+ notify("servername_unknown", {
+ servername: servername
+ });
+ }
 cb(null, getDefaultContext());
 })
 .catch(function(err) {
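Review bot: The gate `!/PROD/.test(process.env.ENV)` treats an unset ENV as non-production, because `/PROD/.test(undefined)` tests the string "undefined" and returns false, so any deployment that never sets ENV will run the new console.debug lines and the `notify("servername_unknown", ...)` call for every handshake whose SNI is not in the config. Since `servername` is chosen by the remote client and this callback runs per TLS handshake, a scanner sweeping hostnames can drive unbounded log and notify volume; at minimum require ENV to be set explicitly, e.g. `if (process.env.ENV && !/PROD/.test(process.env.ENV)) {`, and consider de-duplicating or rate-limiting the notify per servername. Unlike the matching block added in the getFreshContext hunk below, this branch has no `servername &&` guard, so a client that sent no SNI at all is reported as "unknown" rather than silently falling through to the default context; adding the same guard would keep the two hunks consistent. Passing the value through JSON.stringify does keep quotes and control characters out of the log line, which is the right way to print it; the enclosing callback begins before this hunk.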
@@ -110,6 +121,16 @@ sni.create = function(greenlock, secureOpts) {
 function getFreshContext(servername) {
 var meta = getCachedMeta(servername);
 if (!meta && !validServername(servername)) {
+ if ((servername && !/PROD/.test(process.env.ENV)) || /DEV|STAG/.test(process.env.ENV)) {
+ // Change this once
+ // A) the 'notify' message passing is verified fixed in cluster mode
+ // B) we have a good way to let people know their server isn't configured
+ console.debug("debug: invalid servername " + JSON.stringify(servername));
+ console.debug(" (it's probably just a bot trolling for vulnerable servers)");
+ notify("servername_invalid", {
+ servername: servername
+ });
+ }
 return Promise.resolve(null);
 }