output invalid and unknown sni

AJ ONeal 2019-11-02 20:54:09 -06:00
parent 4482e97dcb
commit 3994c7fd5c
2 changed files with 22 additions and 1 deletions


@ -1,6 +1,6 @@
{ {
"name": "@root/greenlock-express", "name": "@root/greenlock-express",
"version": "3.0.16", "version": "3.0.17",
"description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.", "description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
"main": "greenlock-express.js", "main": "greenlock-express.js",
"homepage": "https://greenlock.domains", "homepage": "https://greenlock.domains",

21
sni.js

@ -60,9 +60,20 @@ sni.create = function(greenlock, secureOpts) {
cb(null, secureContext); cb(null, secureContext);
return; return;
} }
// Note: this does not replace tlsSocket.setSecureContext() // Note: this does not replace tlsSocket.setSecureContext()
// as it only works when SNI has been sent // as it only works when SNI has been sent
//console.log("debug sni got default context", servername, getCachedMeta(servername)); //console.log("debug sni got default context", servername, getCachedMeta(servername));
if (!/PROD/.test(process.env.ENV) || /DEV|STAG/.test(process.env.ENV)) {
// Change this once
// A) the 'notify' message passing is verified fixed in cluster mode
// B) we have a good way to let people know their server isn't configured
console.debug("debug: ignoring servername " + JSON.stringify(servername));
console.debug(" (it's probably either missing from your config, or a bot)");
notify("servername_unknown", {
servername: servername
});
}
cb(null, getDefaultContext()); cb(null, getDefaultContext());
}) })
.catch(function(err) { .catch(function(err) {
@ -110,6 +121,16 @@ sni.create = function(greenlock, secureOpts) {
function getFreshContext(servername) { function getFreshContext(servername) {
var meta = getCachedMeta(servername); var meta = getCachedMeta(servername);
if (!meta && !validServername(servername)) { if (!meta && !validServername(servername)) {
if ((servername && !/PROD/.test(process.env.ENV)) || /DEV|STAG/.test(process.env.ENV)) {
// Change this once
// A) the 'notify' message passing is verified fixed in cluster mode
// B) we have a good way to let people know their server isn't configured
console.debug("debug: invalid servername " + JSON.stringify(servername));
console.debug(" (it's probably just a bot trolling for vulnerable servers)");
notify("servername_invalid", {
servername: servername
});
}
return Promise.resolve(null); return Promise.resolve(null);
} }
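Review bot: In both added guards the test `!/PROD/.test(process.env.ENV)` is true when ENV is unset (the regex is applied to the string "undefined"), so a default deployment writes two `console.debug` lines and calls `notify` for every handshake whose SNI is unknown or invalid. The servername comes from the unauthenticated ClientHello, so log volume and notify traffic are set by whoever connects; consider reporting each name only once through a size-capped cache, or throttling the output. The two guards also differ: the one in `getFreshContext` requires `servername &&` while the default-context one does not, and hoisting the environment test into one shared variable such as `var logSni = !/PROD/.test(process.env.ENV || "") || /DEV|STAG/.test(process.env.ENV || "");` would keep them in step. `JSON.stringify(servername)` is worth keeping, since it escapes control characters in the logged value. `sni.create` begins and continues outside these hunks.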