bugfix domain fronting check

AJ ONeal 2019-10-30 08:34:54 +00:00
parent 894a01fa4e
commit 6f2c1ec5ba
1 changed files with 14 additions and 8 deletions


@ -111,14 +111,20 @@ SanitizeHost._checkServername = function(safeHost, tlsSocket) {
// TODO optimize / cache?
// *should* always have a string, right?
// *should* always be lowercase already, right?
if (
(cert.subject.CN || "").toLowerCase() !== safeHost &&
!(cert.subjectaltname || "").split(/,\s+/).some(function(name) {
// always prefixed with "DNS:"
return safeHost === name.slice(4).toLowerCase();
})
) {
return false;
//console.log(safeHost, cert.subject.CN, cert.subjectaltname);
var isSubject = (cert.subject.CN || "").toLowerCase() === safeHost;
if (isSubject) {
return true;
}
var dnsnames = (cert.subjectaltname || "").split(/,\s+/);
var inSanList = dnsnames.some(function(name) {
// always prefixed with "DNS:"
return safeHost === name.slice(4).toLowerCase();
});
if (isListed) {
return true;
}
} catch (e) {
// not sure what else to do in this situation...
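Review bot: `if (isListed) {` tests a name that is never declared in this hunk; the result of the subjectAltName scan is stored in `inSanList`. Unless `isListed` is defined somewhere outside the visible lines, any request whose host does not equal the certificate CN will throw a ReferenceError on that line, and the `catch (e)` right below swallows it, so a host covered only by a SAN entry is never accepted here and the failure leaves no trace. The line should read `if (inSanList) {`. Because this is the domain-fronting check, I would also put a comment in the catch stating whether an exception means allow or deny, e.g. `// fail closed: any error while reading the cert is treated as a servername mismatch`, and confirm the code after the catch does that. The enclosing `try` starts before the hunk and the `catch` body ends after it, so the final return value cannot be confirmed from these lines.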