From 2abdfcc6656cf0aff4d7c107c10b9267f00da976 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Mon, 5 Nov 2018 00:39:04 -0700
Subject: [PATCH] v2.4.8: only do fronting checks on TLS sockets
---
 index.js | 3 ++-
 package.json | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/index.js b/index.js
index c445c43..7c61d2d 100644
--- a/index.js
+++ b/index.js
@@ -557,7 +557,8 @@ Greenlock.create = function (gl) {
 req.headers.host = host.join(':');
 }
- if (!gl.__sni_allow_domain_fronting) {
+ // Note: This sanitize function is also called on plain sockets, which don't need Domain Fronting checks
+ if (req.socket.encrypted && !gl.__sni_allow_domain_fronting) {
 if (req.socket && 'string' === typeof req.socket.servername) {
 // Workaround for https://github.com/nodejs/node/issues/22389
 if (!gl._checkServername(safehost, req.socket.servername.toLowerCase())) {
diff --git a/package.json b/package.json
index 2384555..8825e1e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "greenlock",
- "version": "2.4.7",
+ "version": "2.4.8",
 "description": "Let's Encrypt for node.js on npm",
 "main": "index.js",
 "files": [
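Review bot: In the index.js hunk the new outer condition reads `req.socket.encrypted` with no guard, while the next line still tests `req.socket &&` before touching `servername`. If `req.socket` can ever be missing, as the retained guard suggests, the sanitizer now throws a TypeError instead of skipping the check. Consider `if (req.socket && req.socket.encrypted && !gl.__sni_allow_domain_fronting) {`, which also makes the inner `req.socket &&` redundant. Because `encrypted` is now the only gate on the servername-versus-Host comparison, the added comment should state that the check is skipped (fails open) for any socket that does not report `encrypted`, for example when TLS is terminated upstream of this process; that is presumably intended, but it is a security-relevant assumption. The body of this `if` and the enclosing function continue outside the hunk, so the fallback path is not visible here.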