bugfix domain fronting check

2019-10-30 08:34:54 +00:00 · 2019-10-30 08:34:54 +00:00 · 6f2c1ec5ba
commit 6f2c1ec5ba
parent 894a01fa4e
1 changed files with 14 additions and 8 deletions
--- a/https-middleware.js
+++ b/https-middleware.js
@ -111,14 +111,20 @@ SanitizeHost._checkServername = function(safeHost, tlsSocket) {
 		// TODO optimize / cache?
 		// *should* always have a string, right?
 		// *should* always be lowercase already, right?
-		if (
-			(cert.subject.CN || "").toLowerCase() !== safeHost &&
-			!(cert.subjectaltname || "").split(/,\s+/).some(function(name) {
-				// always prefixed with "DNS:"
-				return safeHost === name.slice(4).toLowerCase();
-			})
-		) {
-			return false;
+		//console.log(safeHost, cert.subject.CN, cert.subjectaltname);
+		var isSubject = (cert.subject.CN || "").toLowerCase() === safeHost;
+		if (isSubject) {
+			return true;
+		}
+
+		var dnsnames = (cert.subjectaltname || "").split(/,\s+/);
+		var inSanList = dnsnames.some(function(name) {
+			// always prefixed with "DNS:"
+			return safeHost === name.slice(4).toLowerCase();
+		});
+
+		if (isListed) {
+			return true;
 		}
 	} catch (e) {
 		// not sure what else to do in this situation...