mirror of
https://github.com/therootcompany/greenlock.js.git
synced 2024-11-16 17:29:00 +00:00
Compare commits
5 Commits
a612f4f98b
...
61715ab952
Author | SHA1 | Date | |
---|---|---|---|
61715ab952 | |||
56ec8cbd36 | |||
37d9ac0436 | |||
7ee525018c | |||
382a7cc4a9 |
9
index.js
9
index.js
@ -3,6 +3,7 @@
|
|||||||
var DAY = 24 * 60 * 60 * 1000;
|
var DAY = 24 * 60 * 60 * 1000;
|
||||||
//var MIN = 60 * 1000;
|
//var MIN = 60 * 1000;
|
||||||
var ACME = require('acme-v2/compat').ACME;
|
var ACME = require('acme-v2/compat').ACME;
|
||||||
|
var pkg = require('./package.json');
|
||||||
var PromiseA;
|
var PromiseA;
|
||||||
try {
|
try {
|
||||||
PromiseA = require('bluebird');
|
PromiseA = require('bluebird');
|
||||||
@ -123,6 +124,11 @@ Greenlock.create = function (gl) {
|
|||||||
gl.challengeType = gl.challengeType || Greenlock.challengeType;
|
gl.challengeType = gl.challengeType || Greenlock.challengeType;
|
||||||
gl._ipc = ipc;
|
gl._ipc = ipc;
|
||||||
gl._communityPackage = gl._communityPackage || 'greenlock.js';
|
gl._communityPackage = gl._communityPackage || 'greenlock.js';
|
||||||
|
if ('greenlock.js' === gl._communityPackage) {
|
||||||
|
gl._communityPackageVersion = pkg.version;
|
||||||
|
} else {
|
||||||
|
gl._communityPackageVersion = gl._communityPackageVersion || ('greenlock.js-' + pkg.version);
|
||||||
|
}
|
||||||
gl.agreeToTerms = gl.agreeToTerms || function (args, agreeCb) {
|
gl.agreeToTerms = gl.agreeToTerms || function (args, agreeCb) {
|
||||||
agreeCb(new Error("'agreeToTerms' was not supplied to Greenlock and 'agreeTos' was not supplied to Greenlock.register"));
|
agreeCb(new Error("'agreeToTerms' was not supplied to Greenlock and 'agreeTos' was not supplied to Greenlock.register"));
|
||||||
};
|
};
|
||||||
@ -392,7 +398,8 @@ Greenlock.create = function (gl) {
|
|||||||
lexOpts.domains = gl.approvedDomains.slice(0);
|
lexOpts.domains = gl.approvedDomains.slice(0);
|
||||||
lexOpts.email = gl.email;
|
lexOpts.email = gl.email;
|
||||||
lexOpts.agreeTos = gl.agreeTos;
|
lexOpts.agreeTos = gl.agreeTos;
|
||||||
lexOpts.communityMember = lexOpts.communityMember;
|
lexOpts.communityMember = gl.communityMember;
|
||||||
|
lexOpts.telemetry = gl.telemetry;
|
||||||
return cb(null, { options: lexOpts, certs: certs });
|
return cb(null, { options: lexOpts, certs: certs });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
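Review bot: `lexOpts.telemetry = gl.telemetry;` in the third hunk forwards the new option with no default and no comment, and the consumer shown further down this page gates on `false !== opts.telemetry`, so an unset, `null` or misspelled option means the OS and runtime fields are sent. I would normalise the flag once, next to the `_communityPackageVersion` block in the second hunk, with `gl.telemetry = (false !== gl.telemetry);` and the comment `// telemetry: opt-out; set to false to omit arch/platform/release/version/node from the community request`. Greenlock.create begins and ends outside these hunks, so the option may already be documented elsewhere in the file.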
@ -1,6 +1,7 @@
|
|||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
function addCommunityMember(pkg, action, email, domains, communityMember) {
|
function addCommunityMember(opts) {
|
||||||
|
// { name, version, email, domains, action, communityMember, telemetry }
|
||||||
setTimeout(function () {
|
setTimeout(function () {
|
||||||
var https = require('https');
|
var https = require('https');
|
||||||
var req = https.request({
|
var req = https.request({
|
||||||
@ -15,19 +16,27 @@ function addCommunityMember(pkg, action, email, domains, communityMember) {
|
|||||||
if (err) { return; }
|
if (err) { return; }
|
||||||
resp.on('data', function () {});
|
resp.on('data', function () {});
|
||||||
});
|
});
|
||||||
|
var os = require('os');
|
||||||
var data = {
|
var data = {
|
||||||
address: email
|
address: opts.email
|
||||||
// greenlock-security is transactional and security only
|
// greenlock-security is transactional and security only
|
||||||
, list: communityMember ? (pkg + '@ppl.family') : 'greenlock-security@ppl.family'
|
, list: opts.communityMember ? (opts.name + '@ppl.family') : 'greenlock-security@ppl.family'
|
||||||
, action: action // reg | renew
|
, action: opts.action // reg | renew
|
||||||
, package: pkg
|
, package: opts.name
|
||||||
// hashed for privacy, but so we can still get some telemetry and inform users
|
// hashed for privacy, but so we can still get some telemetry and inform users
|
||||||
// if abnormal things are happening (like several registrations for the same domain each day)
|
// if abnormal things are happening (like several registrations for the same domain each day)
|
||||||
, domain: (domains||[]).map(function (d) {
|
, domain: (opts.domains||[]).map(function (d) {
|
||||||
return require('crypto').createHash('sha1').update(d).digest('base64')
|
return require('crypto').createHash('sha1').update(d).digest('base64')
|
||||||
.replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '');
|
.replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '');
|
||||||
}).join(',')
|
}).join(',')
|
||||||
};
|
};
|
||||||
|
if (false !== opts.telemetry) {
|
||||||
|
data.arch = process.arch || os.arch();
|
||||||
|
data.platform = process.platform || os.platform();
|
||||||
|
data.release = os.release();
|
||||||
|
data.version = opts.version;
|
||||||
|
data.node = process.version;
|
||||||
|
}
|
||||||
req.write(JSON.stringify(data, 2, null));
|
req.write(JSON.stringify(data, 2, null));
|
||||||
req.end();
|
req.end();
|
||||||
}, 50);
|
}, 50);
|
||||||
|
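Review bot: The "hashed for privacy" comment above `domain:` promises more than an unsalted SHA-1 of a hostname provides: hostnames are low-entropy and mostly public, so a digest can be matched by hashing candidate names, and the payload now pairs those digests with `os.release()`, arch, platform and node version next to the e-mail address. I would reword the comment to `// pseudonymised (unsalted SHA-1), not anonymous: a known hostname can be matched to its digest` and list the transmitted fields in the README. `telemetry: false` only skips the five added fields; `req.write` still sends `address`, `package` and the domain digests. Separately, `JSON.stringify(data, 2, null)` has the replacer and space arguments swapped (harmless here, but `JSON.stringify(data)` says what is meant). The request options between the two hunks are not visible on this page.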
37
lib/core.js
37
lib/core.js
@ -352,17 +352,8 @@ module.exports.create = function (gl) {
|
|||||||
// or we're forcing a refresh via 'dupliate: true'
|
// or we're forcing a refresh via 'dupliate: true'
|
||||||
log(args.debug, "Renewing!");
|
log(args.debug, "Renewing!");
|
||||||
|
|
||||||
// TODO fetch email address / accountId (accountBydomain) if not present
|
if (!args.domains || !args.domains.length) {
|
||||||
// store.config.getAsync(args.domains).then(function (config) { /*...*/ });
|
args.domains = args.servernames || [certs.subject].concat(certs.altnames);
|
||||||
if (!args.domains || (args.domains.length || 0) <= 2) {
|
|
||||||
// this is a renewal, therefore we should renewal ALL of the domains
|
|
||||||
// associated with this certificate, unless args.domains is a list larger
|
|
||||||
// than example.com,www.example.com
|
|
||||||
// TODO check www. prefix
|
|
||||||
args.domains = certs.altnames;
|
|
||||||
if (Array.isArray(certs.domains) && certs.domains.length) {
|
|
||||||
args.domains = certs.domains;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return core.certificates.registerAsync(args);
|
return core.certificates.registerAsync(args);
|
||||||
@ -410,7 +401,17 @@ module.exports.create = function (gl) {
|
|||||||
if (false !== args.securityUpdates && !args._communityMemberAdded) {
|
if (false !== args.securityUpdates && !args._communityMemberAdded) {
|
||||||
try {
|
try {
|
||||||
// We will notify all greenlock users of mandatory and security updates
|
// We will notify all greenlock users of mandatory and security updates
|
||||||
require('./community').add(args._communityPackage, 'reg', args.email, args.domains, args.communityMember);
|
// We'll keep track of versions and os so we can make sure things work well
|
||||||
|
// { name, version, email, domains, action, communityMember, telemetry }
|
||||||
|
require('./community').add({
|
||||||
|
name: args._communityPackage
|
||||||
|
, version: args._communityPackageVersion
|
||||||
|
, email: args.email
|
||||||
|
, domains: args.domains || args.servernames
|
||||||
|
, action: 'reg'
|
||||||
|
, communityMember: args.communityMember
|
||||||
|
, telemetry: args.telemetry
|
||||||
|
});
|
||||||
} catch(e) { /* ignore */ }
|
} catch(e) { /* ignore */ }
|
||||||
args._communityMemberAdded = true;
|
args._communityMemberAdded = true;
|
||||||
}
|
}
|
||||||
@ -422,7 +423,17 @@ module.exports.create = function (gl) {
|
|||||||
if (false !== args.securityUpdates && !args._communityMemberAdded) {
|
if (false !== args.securityUpdates && !args._communityMemberAdded) {
|
||||||
try {
|
try {
|
||||||
// We will notify all greenlock users of mandatory and security updates
|
// We will notify all greenlock users of mandatory and security updates
|
||||||
require('./community').add(args._communityPackage, 'renew', args.email, args.domains, args.communityMember);
|
// We'll keep track of versions and os so we can make sure things work well
|
||||||
|
// { name, version, email, domains, action, communityMember, telemetry }
|
||||||
|
require('./community').add({
|
||||||
|
name: args._communityPackage
|
||||||
|
, version: args._communityPackageVersion
|
||||||
|
, email: args.email
|
||||||
|
, domains: args.domains || args.servernames
|
||||||
|
, action: 'renew'
|
||||||
|
, communityMember: args.communityMember
|
||||||
|
, telemetry: args.telemetry
|
||||||
|
});
|
||||||
} catch(e) { /* ignore */ }
|
} catch(e) { /* ignore */ }
|
||||||
args._communityMemberAdded = true;
|
args._communityMemberAdded = true;
|
||||||
}
|
}
|
||||||
|
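Review bot: In the renewal hunk, `args.domains = args.servernames || [certs.subject].concat(certs.altnames);` can produce a list that is empty, duplicated or contains `undefined`: an empty `args.servernames` array is truthy and is taken as-is, the subject normally also appears among the altnames, and `concat(undefined)` appends an `undefined` element when `certs.altnames` is missing. Since this list decides which names the renewed certificate covers, I would build it defensively, e.g. `var names = (args.servernames && args.servernames.length) ? args.servernames : [certs.subject].concat(certs.altnames || []);` followed by `args.domains = names.filter(function (d, i) { return d && names.indexOf(d) === i; });`. The two `require('./community').add({...})` calls further down are identical apart from `action` and could share one helper. The enclosing function starts and ends outside the hunks.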
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "greenlock",
|
"name": "greenlock",
|
||||||
"version": "2.4.8",
|
"version": "2.4.9",
|
||||||
"description": "Let's Encrypt for node.js on npm",
|
"description": "Let's Encrypt for node.js on npm",
|
||||||
"main": "index.js",
|
"main": "index.js",
|
||||||
"files": [
|
"files": [
|
||||||
|
@ -5,9 +5,14 @@ set -e
|
|||||||
# following domains are listed on the same certificate as either subject or altnames:
|
# following domains are listed on the same certificate as either subject or altnames:
|
||||||
# test.ppl.family, www.test.ppl.family, test.greenlock.domains, www.test.greenlock.domains
|
# test.ppl.family, www.test.ppl.family, test.greenlock.domains, www.test.greenlock.domains
|
||||||
|
|
||||||
curl -sf https://test.ppl.family | grep -i Hello >/dev/null && echo "PASS no servername" || echo "FAIL no servername"
|
# -k for insecure to allow staging certificates
|
||||||
curl -sf https://test.ppl.family -H "Host: test.ppl.family" | grep -i Hello >/dev/null && echo "PASS same servername" || echo "FAIL same servername"
|
curl -k -sf https://test.ppl.family | grep -i Hello >/dev/null && echo "PASS no servername" || echo "FAIL no servername"
|
||||||
curl -sf https://test.ppl.family -H "Host: www.test.ppl.family" | grep -i Hello >/dev/null && echo "PASS similar altnames" || echo "FAIL similar altnames"
|
curl -k -sf https://test.ppl.family -H "Host: test.ppl.family" | grep -i Hello >/dev/null && echo "PASS same servername" || echo "FAIL same servername"
|
||||||
curl -sf https://test.ppl.family -H "Host: www.test.greenlock.domains" | grep -i Hello >/dev/null && echo "PASS full altnames" || echo "FAIL full altnames"
|
curl -k -sf https://test.ppl.family -H "Host: www.test.ppl.family" | grep -i Hello >/dev/null && echo "PASS similar altnames" || echo "FAIL similar altnames"
|
||||||
curl -s https://test.ppl.family -H "Host: example.com" | grep -i 'Domain Fronting' >/dev/null && echo "PASS detect fronting" || echo "FAIL detect fronting"
|
curl -k -sf https://test.ppl.family -H "Host: www.test.greenlock.domains" | grep -i Hello >/dev/null && echo "PASS full altnames" || echo "FAIL full altnames"
|
||||||
|
|
||||||
|
curl -k -sf https://test.greenlock.domains -H "Host: test.greenlock.domains" | grep -i Hello >/dev/null && echo "PASS use altname first" || echo "FAIL altname only"
|
||||||
|
curl -k -sf https://test.greenlock.domains -H "Host: test.ppl.family" | grep -i Hello >/dev/null && echo "PASS use altname, pass subject" || echo "FAIL sub + altname"
|
||||||
|
|
||||||
|
curl -k -s https://test.ppl.family -H "Host: example.com" | grep -i 'Domain Fronting' >/dev/null && echo "PASS detect fronting" || echo "FAIL detect fronting"
|
||||||
echo "PASS ALL"
|
echo "PASS ALL"
|
||||||
|
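Review bot: Adding `-k` to every `curl` call turns off chain and hostname verification entirely, so these checks now pass on any certificate the server presents, including a self-signed or wrong-name one, and only the response body is tested. To accept staging certificates while still verifying them, point curl at the staging root instead, e.g. `curl --cacert "$STAGING_ROOT_PEM" -sf https://test.ppl.family` (`STAGING_ROOT_PEM` is a placeholder for wherever the staging root is stored). Within the visible lines, `echo "PASS ALL"` also runs unconditionally, because each `cmd && echo PASS || echo FAIL` line exits 0 even when the check fails. The script begins above this hunk.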