diff --git a/va/validation-authority.go b/va/validation-authority.go
index f76622ec9..ea2cf456a 100644
--- a/va/validation-authority.go
+++ b/va/validation-authority.go
@@ -17,6 +17,7 @@ import (
 "net"
 "net/http"
 "net/url"
+ "strconv"
 "strings"
 "time"
@@ -153,19 +154,26 @@ func (d *dialer) Dial(_, _ string) (net.Conn, error) {
 // resolveAndConstructDialer gets the prefered address using va.getAddr and returns
 // the chosen address and dialer for that address and correct port.
-func (va ValidationAuthorityImpl) resolveAndConstructDialer(name, port string) (dialer, *core.ProblemDetails) {
- addr, allAddrs, err := va.getAddr(name)
- if err != nil {
- return dialer{}, err
+func (va ValidationAuthorityImpl) resolveAndConstructDialer(name, defaultPort string) (dialer, *core.ProblemDetails) {
+ port := "80"
+ if va.TestMode {
+ port = "5001"
+ } else if defaultPort != "" {
+ port = defaultPort
 }
 d := dialer{
 record: core.ValidationRecord{
- Hostname: name,
- Port: port,
- AddressesResolved: allAddrs,
- AddressUsed: addr,
+ Hostname: name,
+ Port: port,
 },
 }
+
+ addr, allAddrs, err := va.getAddr(name)
+ if err != nil {
+ return d, err
+ }
+ d.record.AddressesResolved = allAddrs
+ d.record.AddressUsed = addr
 return d, nil
 }
@@ -217,10 +225,8 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
 }
 httpRequest.Host = hostName
- port := "80"
- if va.TestMode {
- port = "5001"
- } else if strings.ToLower(scheme) == "https" {
+ var port string
+ if scheme == "https" {
 port = "443"
 }
 dialer, prob := va.resolveAndConstructDialer(hostName, port)
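Review bot: The doc comment above `resolveAndConstructDialer` no longer describes the function. It now picks the port itself (`5001` in TestMode, else `defaultPort`, else `80`) and, when `va.getAddr` fails, returns a dialer whose record has `Hostname` and `Port` set but no addresses, together with the error. I would add `// On lookup failure the returned dialer carries only Hostname and Port in its record; callers must check the error before dialing.` plus one line stating the port precedence. `defaultPort` is used exactly as given, so any range or allowlist check on a redirect-supplied port has to live in the caller.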
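Review bot: `if scheme == "https"` drops the `strings.ToLower` that the removed line had, while the redirect path later in this function still compares `strings.ToLower(req.URL.Scheme)`. The assignment of `scheme` is outside the hunk; if it can ever hold a mixed-case value, an HTTPS validation would leave `port` empty and fall through to the port-80 default inside `resolveAndConstructDialer`. Either keep the comparison case-insensitive with `if strings.EqualFold(scheme, "https") {`, or add a comment stating that `scheme` is only ever set to a lower-case constant above.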
@@ -250,22 +256,24 @@ func (va ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdentif
 }
 host := req.URL.Host
- port = "80"
- if va.TestMode {
- port = "5001"
- }
+ port = ""
 if strings.Contains(host, ":") {
 splitHost := strings.SplitN(host, ":", 2)
 if len(splitHost) <= 1 {
 return fmt.Errorf("Malformed host")
 }
 host, port = splitHost[0], splitHost[1]
- if port < 0 || port > 65535 {
+ portNum, err := strconv.Atoi(port)
+ if err != nil {
+ return err
+ }
+ if portNum < 0 || portNum > 65535 {
 return fmt.Errorf("Invalid port number in redirect")
 }
 } else if strings.ToLower(req.URL.Scheme) == "https" {
 port = "443"
 }
+
 dialer, err := va.resolveAndConstructDialer(host, port)
 dialer.record.URL = req.URL.String()
 challenge.ValidationRecord = append(challenge.ValidationRecord, dialer.record)
diff --git a/va/validation-authority_test.go b/va/validation-authority_test.go
index b7c832b1a..2c725eab1 100644
--- a/va/validation-authority_test.go
+++ b/va/validation-authority_test.go
@@ -87,7 +87,7 @@ func simpleSrv(t *testing.T, token string, stopChan, waitChan chan bool, enableT
 currentToken := defaultToken
 m.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
- if r.Host != "localhost" && r.Host != "other.valid" {
+ if r.Host != "localhost" && r.Host != "other.valid" && r.Host != "other.valid:8080" {
 t.Errorf("Bad Host header: " + r.Host)
 }
 if strings.HasSuffix(r.URL.Path, path404) {
@@ -410,6 +410,7 @@ func TestSimpleHttpRedirectLookup(t *testing.T) {
 log.Clear()
 chall.Token = pathRedirectPort
 finChall, err = va.validateSimpleHTTP(ident, chall, AccountKey)
+ fmt.Println(finChall.ValidationRecord)
 test.AssertEquals(t, finChall.Status, core.StatusInvalid)
 test.AssertError(t, err, chall.Token)
 test.AssertEquals(t, len(log.GetAllMatching(`redirect from ".*/port-redirect" to ".*other.valid:8080/path"`)), 1)
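Review bot: The redirect target is chosen by the server being validated, so the host/port parsing in the `strings.Contains(host, ":")` branch handles untrusted input, and splitting on the first `:` does it loosely. A bracketed IPv6 literal such as `[::1]:8080` yields host `[` and is rejected with a raw strconv error, while `strconv.Atoi` accepts a sign, so `+8080` and `0` pass the range check and the unnormalised string is what reaches `resolveAndConstructDialer`. I would parse with `net.SplitHostPort` (`net` is already imported), tighten the check to `if portNum < 1 || portNum > 65535 {`, and return the existing `Invalid port number in redirect` message for the Atoi failure as well. Because every in-range port is followed, it is also worth deciding whether redirects should be held to an allowlist of ports; the closure containing this code starts and ends outside the hunk.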
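Review bot: `fmt.Println(finChall.ValidationRecord)` in `TestSimpleHttpRedirectLookup` looks like leftover debugging: it writes to stdout on every run and verifies nothing. If the record is only useful when diagnosing a failure, use `t.Logf("validation records: %+v", finChall.ValidationRecord)` so it appears only in verbose or failing runs. Better still, assert on the hop recorded for the `other.valid:8080` redirect, since the recorded port is what this change is about.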