From 3994c7fd5ce484850cdf2385c0a0d3811dfbc5ab Mon Sep 17 00:00:00 2001
From: AJ ONeal <coolaj86@gmail.com>
Date: Sat, 2 Nov 2019 20:54:09 -0600
Subject: [PATCH] output invalid and unknown sni

---
 package.json |  2 +-
 sni.js       | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 751e35d..4901f29 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@root/greenlock-express",
-    "version": "3.0.16",
+    "version": "3.0.17",
     "description": "Free SSL and managed or automatic HTTPS for node.js with Express, Koa, Connect, Hapi, and all other middleware systems.",
     "main": "greenlock-express.js",
     "homepage": "https://greenlock.domains",
diff --git a/sni.js b/sni.js
index ea79728..b8d6eb7 100644
--- a/sni.js
+++ b/sni.js
@@ -60,9 +60,20 @@ sni.create = function(greenlock, secureOpts) {
                     cb(null, secureContext);
                     return;
                 }
+
                 // Note: this does not replace tlsSocket.setSecureContext()
                 // as it only works when SNI has been sent
                 //console.log("debug sni got default context", servername, getCachedMeta(servername));
+                if (!/PROD/.test(process.env.ENV) || /DEV|STAG/.test(process.env.ENV)) {
+                    // Change this once
+                    // A) the 'notify' message passing is verified fixed in cluster mode
+                    // B) we have a good way to let people know their server isn't configured
+                    console.debug("debug: ignoring servername " + JSON.stringify(servername));
+                    console.debug("       (it's probably either missing from your config, or a bot)");
+                    notify("servername_unknown", {
+                        servername: servername
+                    });
+                }
                 cb(null, getDefaultContext());
             })
             .catch(function(err) {
@@ -110,6 +121,16 @@ sni.create = function(greenlock, secureOpts) {
     function getFreshContext(servername) {
         var meta = getCachedMeta(servername);
         if (!meta && !validServername(servername)) {
+            if ((servername && !/PROD/.test(process.env.ENV)) || /DEV|STAG/.test(process.env.ENV)) {
+                // Change this once
+                // A) the 'notify' message passing is verified fixed in cluster mode
+                // B) we have a good way to let people know their server isn't configured
+                console.debug("debug: invalid servername " + JSON.stringify(servername));
+                console.debug("       (it's probably just a bot trolling for vulnerable servers)");
+                notify("servername_invalid", {
+                    servername: servername
+                });
+            }
             return Promise.resolve(null);
         }