output invalid and unknown sni
This commit is contained in:
parent
4482e97dcb
commit
3994c7fd5c
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"name": "@root/greenlock-express",
|
"name": "@root/greenlock-express",
|
||||||
"version": "3.0.16",
|
"version": "3.0.17",
|
||||||
"description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
|
"description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
|
||||||
"main": "greenlock-express.js",
|
"main": "greenlock-express.js",
|
||||||
"homepage": "https://greenlock.domains",
|
"homepage": "https://greenlock.domains",
|
||||||
|
|
21
sni.js
21
sni.js
|
@ -60,9 +60,20 @@ sni.create = function(greenlock, secureOpts) {
|
||||||
cb(null, secureContext);
|
cb(null, secureContext);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Note: this does not replace tlsSocket.setSecureContext()
|
// Note: this does not replace tlsSocket.setSecureContext()
|
||||||
// as it only works when SNI has been sent
|
// as it only works when SNI has been sent
|
||||||
//console.log("debug sni got default context", servername, getCachedMeta(servername));
|
//console.log("debug sni got default context", servername, getCachedMeta(servername));
|
||||||
|
if (!/PROD/.test(process.env.ENV) || /DEV|STAG/.test(process.env.ENV)) {
|
||||||
|
// Change this once
|
||||||
|
// A) the 'notify' message passing is verified fixed in cluster mode
|
||||||
|
// B) we have a good way to let people know their server isn't configured
|
||||||
|
console.debug("debug: ignoring servername " + JSON.stringify(servername));
|
||||||
|
console.debug(" (it's probably either missing from your config, or a bot)");
|
||||||
|
notify("servername_unknown", {
|
||||||
|
servername: servername
|
||||||
|
});
|
||||||
|
}
|
||||||
cb(null, getDefaultContext());
|
cb(null, getDefaultContext());
|
||||||
})
|
})
|
||||||
.catch(function(err) {
|
.catch(function(err) {
|
||||||
|
@ -110,6 +121,16 @@ sni.create = function(greenlock, secureOpts) {
|
||||||
function getFreshContext(servername) {
|
function getFreshContext(servername) {
|
||||||
var meta = getCachedMeta(servername);
|
var meta = getCachedMeta(servername);
|
||||||
if (!meta && !validServername(servername)) {
|
if (!meta && !validServername(servername)) {
|
||||||
|
if ((servername && !/PROD/.test(process.env.ENV)) || /DEV|STAG/.test(process.env.ENV)) {
|
||||||
|
// Change this once
|
||||||
|
// A) the 'notify' message passing is verified fixed in cluster mode
|
||||||
|
// B) we have a good way to let people know their server isn't configured
|
||||||
|
console.debug("debug: invalid servername " + JSON.stringify(servername));
|
||||||
|
console.debug(" (it's probably just a bot trolling for vulnerable servers)");
|
||||||
|
notify("servername_invalid", {
|
||||||
|
servername: servername
|
||||||
|
});
|
||||||
|
}
|
||||||
return Promise.resolve(null);
|
return Promise.resolve(null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue