coolaj86/greenlock-express.js
1
0
Fork 0
mirror of https://github.com/therootcompany/greenlock-express.js.git synced 2024-11-16 17:28:59 +00:00
Code Issues 1 Projects Releases Wiki Activity

bugfix domain fronting check

Browse Source
This commit is contained in:
AJ ONeal 2019-10-30 08:34:54 +00:00
parent 894a01fa4e
commit 6f2c1ec5ba
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
https-middleware.js
View File

@ -111,14 +111,20 @@ SanitizeHost._checkServername = function(safeHost, tlsSocket) {
// TODO optimize / cache? // TODO optimize / cache?
// *should* always have a string, right? // *should* always have a string, right?
// *should* always be lowercase already, right? // *should* always be lowercase already, right?
if ( //console.log(safeHost, cert.subject.CN, cert.subjectaltname);
(cert.subject.CN || "").toLowerCase() !== safeHost && var isSubject = (cert.subject.CN || "").toLowerCase() === safeHost;
!(cert.subjectaltname || "").split(/,\s+/).some(function(name) { if (isSubject) {
// always prefixed with "DNS:" return true;
return safeHost === name.slice(4).toLowerCase(); }
})
) { var dnsnames = (cert.subjectaltname || "").split(/,\s+/);
return false; var inSanList = dnsnames.some(function(name) {
// always prefixed with "DNS:"
return safeHost === name.slice(4).toLowerCase();
});
if (isListed) {
return true;
} }
} catch (e) { } catch (e) {
// not sure what else to do in this situation... // not sure what else to do in this situation...