From 2abdfcc6656cf0aff4d7c107c10b9267f00da976 Mon Sep 17 00:00:00 2001
From: AJ ONeal <coolaj86@gmail.com>
Date: Mon, 5 Nov 2018 00:39:04 -0700
Subject: [PATCH] v2.4.8: only do fronting checks on TLS sockets

---
 index.js     | 3 ++-
 package.json | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index c445c43..7c61d2d 100644
--- a/index.js
+++ b/index.js
@@ -557,7 +557,8 @@ Greenlock.create = function (gl) {
         req.headers.host = host.join(':');
       }
 
-      if (!gl.__sni_allow_domain_fronting) {
+      // Note: This sanitize function is also called on plain sockets, which don't need Domain Fronting checks
+      if (req.socket.encrypted && !gl.__sni_allow_domain_fronting) {
         if (req.socket && 'string' === typeof req.socket.servername) {
           // Workaround for https://github.com/nodejs/node/issues/22389
           if (!gl._checkServername(safehost, req.socket.servername.toLowerCase())) {
diff --git a/package.json b/package.json
index 2384555..8825e1e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "greenlock",
-  "version": "2.4.7",
+  "version": "2.4.8",
   "description": "Let's Encrypt for node.js on npm",
   "main": "index.js",
   "files": [