diff --git a/va/va.go b/va/va.go index 8efc4336e..edab5accd 100644 --- a/va/va.go +++ b/va/va.go @@ -230,6 +230,7 @@ func (va *ValidationAuthorityImpl) fetchHTTP(ctx context.Context, identifier cor req.Header["User-Agent"] = []string{va.userAgent} } + urlHost = req.URL.Host reqHost := req.URL.Host var reqPort int if h, p, err := net.SplitHostPort(reqHost); err == nil { @@ -266,7 +267,7 @@ func (va *ValidationAuthorityImpl) fetchHTTP(ctx context.Context, identifier cor if err != nil { va.log.Info(fmt.Sprintf("HTTP request to %s failed. err=[%#v] errStr=[%s]", url, err, err)) return nil, validationRecords, - parseHTTPConnError(fmt.Sprintf("Could not connect to %s", url), err) + parseHTTPConnError(fmt.Sprintf("Could not connect to %s", urlHost), err) } body, err := ioutil.ReadAll(&io.LimitedReader{R: httpResponse.Body, N: maxResponseSize}) diff --git a/va/va_test.go b/va/va_test.go index 19cb3be19..edc879b61 100644 --- a/va/va_test.go +++ b/va/va_test.go @@ -71,6 +71,7 @@ const expectedToken = "LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0" const expectedKeyAuthorization = "LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI" const pathWrongToken = "i6lNAC4lOOLYCl-A08VJt9z_tKYvVk63Dumo8icsBjQ" const path404 = "404" +const path500 = "500" const pathFound = "GBq8SwWq3JsbREFdCamk5IX3KLsxW5ULeGs98Ajl_UM" const pathMoved = "5J4FIMrWNfmvHZo-QpKZngmuhqZGwRm21-oEgUDstJM" const pathRedirectPort = "port-redirect" @@ -78,6 +79,7 @@ const pathWait = "wait" const pathWaitLong = "wait-long" const pathReLookup = "7e-P57coLM7D3woNTp_xbJrtlkDYy6PWf3mSSbLwCr4" const pathReLookupInvalid = "re-lookup-invalid" +const pathRedirectToFailingURL = "re-to-failing-url" const pathLooper = "looper" const pathValid = "valid" const rejectUserAgent = "rejectMe" @@ -96,6 +98,9 @@ func httpSrv(t *testing.T, token string) *httptest.Server { if strings.HasSuffix(r.URL.Path, path404) { t.Logf("HTTPSRV: Got a 404 req\n") http.NotFound(w, r) + } else if strings.HasSuffix(r.URL.Path, path500) { + t.Logf("HTTPSRV: Got a 500 req\n") + http.Error(w, "Internal Server Error", http.StatusInternalServerError) } else if strings.HasSuffix(r.URL.Path, pathMoved) { t.Logf("HTTPSRV: Got a 301 redirect req\n") if currentToken == defaultToken { @@ -125,6 +130,9 @@ func httpSrv(t *testing.T, token string) *httptest.Server { } else if strings.HasSuffix(r.URL.Path, pathReLookupInvalid) { t.Logf("HTTPSRV: Got a redirect req to an invalid hostname\n") http.Redirect(w, r, "http://invalid.invalid/path", 302) + } else if strings.HasSuffix(r.URL.Path, pathRedirectToFailingURL) { + t.Logf("HTTPSRV: Redirecting to a URL that will fail\n") + http.Redirect(w, r, fmt.Sprintf("http://other.valid/%s", path500), 301) } else if strings.HasSuffix(r.URL.Path, pathLooper) { t.Logf("HTTPSRV: Got a loop req\n") http.Redirect(w, r, r.URL.String(), 301) @@ -347,6 +355,15 @@ func TestHTTPRedirectLookup(t *testing.T) { test.AssertEquals(t, len(log.GetAllMatching(`redirect from ".*/port-redirect" to ".*other.valid:8080/path"`)), 1) test.AssertEquals(t, len(log.GetAllMatching(`Resolved addresses for localhost \[using 127.0.0.1\]: \[127.0.0.1\]`)), 1) test.AssertEquals(t, len(log.GetAllMatching(`Resolved addresses for other.valid \[using 127.0.0.1\]: \[127.0.0.1\]`)), 1) + + // This case will redirect from a valid host to a host that is throwing + // HTTP 500 errors. The test case is ensuring that the connection error + // is referencing the redirected to host, instead of the original host. + log.Clear() + setChallengeToken(&chall, pathRedirectToFailingURL) + _, prob = va.validateHTTP01(ctx, ident, chall) + test.AssertNotNil(t, prob, "Problem Details should not be nil") + test.AssertEquals(t, prob.Detail, "Could not connect to other.valid") } func TestHTTPRedirectLoop(t *testing.T) {