bugfix domain fronting check
parent
894a01fa4e
commit
6f2c1ec5ba
|
@ -111,14 +111,20 @@ SanitizeHost._checkServername = function(safeHost, tlsSocket) {
|
||||||
// TODO optimize / cache?
|
// TODO optimize / cache?
|
||||||
// *should* always have a string, right?
|
// *should* always have a string, right?
|
||||||
// *should* always be lowercase already, right?
|
// *should* always be lowercase already, right?
|
||||||
if (
|
//console.log(safeHost, cert.subject.CN, cert.subjectaltname);
|
||||||
(cert.subject.CN || "").toLowerCase() !== safeHost &&
|
var isSubject = (cert.subject.CN || "").toLowerCase() === safeHost;
|
||||||
!(cert.subjectaltname || "").split(/,\s+/).some(function(name) {
|
if (isSubject) {
|
||||||
// always prefixed with "DNS:"
|
return true;
|
||||||
return safeHost === name.slice(4).toLowerCase();
|
}
|
||||||
})
|
|
||||||
) {
|
var dnsnames = (cert.subjectaltname || "").split(/,\s+/);
|
||||||
return false;
|
var inSanList = dnsnames.some(function(name) {
|
||||||
|
// always prefixed with "DNS:"
|
||||||
|
return safeHost === name.slice(4).toLowerCase();
|
||||||
|
});
|
||||||
|
|
||||||
|
if (isListed) {
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
// not sure what else to do in this situation...
|
// not sure what else to do in this situation...
|
||||||
|
|
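Review bot: `if (isListed) {` near the end of the hunk reads a name that is never declared in the visible lines; the `.some()` result is stored in `inSanList`. Unless `isListed` is defined outside the hunk, the reference throws a ReferenceError that lands in the `catch (e)` right after it, so a host that matches only through a subjectAltName entry never takes the `return true` path, and the result of the domain-fronting check then depends on what the catch block does, which is not visible here. The condition should be `if (inSanList) {`. Separately, `name.slice(4)` assumes every entry starts with `DNS:`; testing the prefix first (`name.slice(0, 4) === "DNS:" && safeHost === name.slice(4).toLowerCase()`) keeps `IP Address:` or `URI:` entries from being compared in truncated form. The body of `SanitizeHost._checkServername` starts and ends outside the hunk, so the fall-through return after these checks could not be reviewed.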