v2.3.9 add options __sni_allow_dangerous_names and __sni_prerve_case

This commit is contained in:
AJ ONeal 2018-08-15 23:23:39 -06:00
parent 1abd3e43de
commit 20e8d09219
3 changed files with 14 additions and 5 deletions


@ -443,6 +443,14 @@ The following variables will be tempalted in any strings passed to the options o
* `~/` replaced with `os.homedir()` i.e. `/Users/aj`
* `:hostname` replaced with the first domain in the list i.e. `example.com`
### Dangerous Options
By default SNI is made to lowercase and is automatically rejected if it contains invalid characters for a domain.
This behavior can be modified:
* `__dns_allow_dangerous_names` allow SNI names like "Robert'); DROP TABLE Students;"
* `__dns_preserve_case` passes SNI names such as "ExAMpLE.coM" without converting to lower case
Developer API
-------------


@ -432,20 +432,21 @@ Greenlock.create = function (gl) {
if (gl.sni.create) {
gl.sni = gl.sni.create(gl);
}
gl.tlsOptions.SNICallback = function (domain, cb) {
gl.tlsOptions.SNICallback = function (_domain, cb) {
// format and (lightly) sanitize sni so that users can be naive
// and not have to worry about SQL injection or fs discovery
domain = (domain||'').toLowerCase();
var domain = (_domain||'').toLowerCase();
// hostname labels allow a-z, 0-9, -, and are separated by dots
// _ is sometimes allowed
if (!/^[a-z0-9_\.\-]+$/i.test(domain) || -1 !== domain.indexOf('..')) {
// REGEX // https://www.codeproject.com/Questions/1063023/alphanumeric-validation-javascript-without-regex
if (!gl.__sni_allow_dangerous_names && (!/^[a-z0-9_\.\-]+$/i.test(domain) || -1 !== domain.indexOf('..'))) {
log(gl.debug, "invalid sni '" + domain + "'");
cb(new Error("invalid SNI"));
return;
}
try {
gl.sni.sniCallback(domain, cb);
gl.sni.sniCallback(gl.__sni_preserve_case && _domain || domain, cb);
} catch(e) {
console.error("[ERROR] Something went wrong in the SNICallback:");
console.error(e);
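Review bot: The option names documented in the README hunk (`__dns_allow_dangerous_names`, `__dns_preserve_case`) do not match the names the code actually reads on the lines `if (!gl.__sni_allow_dangerous_names && (...` and `gl.sni.sniCallback(gl.__sni_preserve_case && _domain || domain, cb);`, so a user following the README sets options that have no effect; one side should be renamed (the commit title uses the `__sni_` form). The comment above `var domain = (_domain||'').toLowerCase();` still promises that users "not have to worry about SQL injection or fs discovery", which no longer holds once the flag is set — extend it with something like `// when gl.__sni_allow_dangerous_names is set the check below is skipped and sni.sniCallback receives the raw name unvalidated (including '..'), so that callback must validate it itself`. The mixed `&&`/`||` in the sniCallback argument reads as a precedence puzzle; `gl.sni.sniCallback(gl.__sni_preserve_case ? (_domain || '') : domain, cb);` is equivalent and clearer. The SNICallback closure's catch block continues past the end of the hunk.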


@ -1,6 +1,6 @@
{
"name": "greenlock",
"version": "2.3.8",
"version": "2.3.9",
"description": "Let's Encrypt for node.js on npm",
"main": "index.js",
"files": [