coolaj86
/
greenlock.js
mirror of https://github.com/therootcompany/greenlock.js
1
0
Fork 0
Code Projects Releases Wiki Activity
Browse Source

v2.3.9 add options __sni_allow_dangerous_names and __sni_prerve_case

v2.3 v2.3.9
AJ ONeal 6 years ago
parent
1abd3e43de
commit
20e8d09219
3 changed files with 14 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      README.md
  2. 9
      index.js
  3. 2
      package.json

8
README.md
View File

@ -443,6 +443,14 @@ The following variables will be tempalted in any strings passed to the options o
* `~/` replaced with `os.homedir()` i.e. `/Users/aj`
* `:hostname` replaced with the first domain in the list i.e. `example.com`
### Dangerous Options
By default SNI is made to lowercase and is automatically rejected if it contains invalid characters for a domain.
This behavior can be modified:
* `__dns_allow_dangerous_names` allow SNI names like "Robert'); DROP TABLE Students;"
* `__dns_preserve_case` passes SNI names such as "ExAMpLE.coM" without converting to lower case
Developer API
-------------

9
index.js
View File

@ -432,20 +432,21 @@ Greenlock.create = function (gl) {
if (gl.sni.create) {
gl.sni = gl.sni.create(gl);
}
gl.tlsOptions.SNICallback = function (domain, cb) {
gl.tlsOptions.SNICallback = function (_domain, cb) {
// format and (lightly) sanitize sni so that users can be naive
// and not have to worry about SQL injection or fs discovery
domain = (domain||'').toLowerCase();
var domain = (_domain||'').toLowerCase();
// hostname labels allow a-z, 0-9, -, and are separated by dots
// _ is sometimes allowed
if (!/^[a-z0-9_\.\-]+$/i.test(domain) || -1 !== domain.indexOf('..')) {
// REGEX // https://www.codeproject.com/Questions/1063023/alphanumeric-validation-javascript-without-regex
if (!gl.__sni_allow_dangerous_names && (!/^[a-z0-9_\.\-]+$/i.test(domain) || -1 !== domain.indexOf('..'))) {
log(gl.debug, "invalid sni '" + domain + "'");
cb(new Error("invalid SNI"));
return;
}
try {
gl.sni.sniCallback(domain, cb);
gl.sni.sniCallback(gl.__sni_preserve_case && _domain || domain, cb);
} catch(e) {
console.error("[ERROR] Something went wrong in the SNICallback:");
console.error(e);

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "greenlock",
"version": "2.3.8",
"version": "2.3.9",
"description": "Let's Encrypt for node.js on npm",
"main": "index.js",
"files": [

Write Preview
Loading…
Cancel
Save