Compare commits
No commits in common. "main" and "v1.3.0" have entirely different histories.
25
dns.go
25
dns.go
|
|
@ -161,21 +161,6 @@ type writeMsg interface {
|
|||
WriteMsg(*dns.Msg) error
|
||||
}
|
||||
|
||||
type dnsToHTTPWriter struct {
|
||||
http.ResponseWriter
|
||||
}
|
||||
|
||||
func (d *dnsToHTTPWriter) WriteMsg(m *dns.Msg) error {
|
||||
d.Header().Set("Content-Type", "application/dns-message")
|
||||
d.WriteHeader(http.StatusOK)
|
||||
b, err := m.Pack()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = d.Write(b)
|
||||
return err
|
||||
}
|
||||
|
||||
// dohHandler handles a DoH request by POST only.
|
||||
func (s *ChallSrv) dohHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
|
|
@ -195,7 +180,8 @@ func (s *ChallSrv) dohHandler(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
s.dnsHandlerInner(&dnsToHTTPWriter{w}, msg, r.Header.Get("User-Agent"))
|
||||
var dnsResponseWriter dns.ResponseWriter
|
||||
s.dnsHandler(dnsResponseWriter, msg)
|
||||
}
|
||||
|
||||
// dnsHandler is a miekg/dns handler that can process a dns.Msg request and
|
||||
|
|
@ -204,10 +190,10 @@ func (s *ChallSrv) dohHandler(w http.ResponseWriter, r *http.Request) {
|
|||
// DNS data. A host that is aliased by a CNAME record will follow that alias
|
||||
// one level and return the requested record types for that alias' target
|
||||
func (s *ChallSrv) dnsHandler(w dns.ResponseWriter, r *dns.Msg) {
|
||||
s.dnsHandlerInner(w, r, "")
|
||||
s.dnsHandlerInner(w, r)
|
||||
}
|
||||
|
||||
func (s *ChallSrv) dnsHandlerInner(w writeMsg, r *dns.Msg, userAgent string) {
|
||||
func (s *ChallSrv) dnsHandlerInner(w writeMsg, r *dns.Msg) {
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(r)
|
||||
m.Compress = false
|
||||
|
|
@ -215,8 +201,7 @@ func (s *ChallSrv) dnsHandlerInner(w writeMsg, r *dns.Msg, userAgent string) {
|
|||
// For each question, add answers based on the type of question
|
||||
for _, q := range r.Question {
|
||||
s.AddRequestEvent(DNSRequestEvent{
|
||||
Question: q,
|
||||
UserAgent: userAgent,
|
||||
Question: q,
|
||||
})
|
||||
|
||||
// If there is a ServFail mock set then ignore the question and set the
|
||||
|
|
|
|||
5
event.go
5
event.go
|
|
@ -38,8 +38,6 @@ type HTTPRequestEvent struct {
|
|||
// The ServerName from the ClientHello. May be empty if there was no SNI or if
|
||||
// the request was not HTTPS
|
||||
ServerName string
|
||||
// The User-Agent header from the request
|
||||
UserAgent string
|
||||
}
|
||||
|
||||
// HTTPRequestEvents always have type HTTPRequestEventType
|
||||
|
|
@ -61,9 +59,6 @@ func (e HTTPRequestEvent) Key() string {
|
|||
type DNSRequestEvent struct {
|
||||
// The DNS question received.
|
||||
Question dns.Question
|
||||
// The User-Agent header from the request, may be empty
|
||||
// if the request was not over DoH.
|
||||
UserAgent string
|
||||
}
|
||||
|
||||
// DNSRequestEvents always have type DNSRequestEventType
|
||||
|
|
|
|||
|
|
@ -128,7 +128,6 @@ func (s *ChallSrv) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
Host: r.Host,
|
||||
HTTPS: r.TLS != nil,
|
||||
ServerName: serverName,
|
||||
UserAgent: r.Header.Get("User-Agent"),
|
||||
})
|
||||
|
||||
// If the request was not over HTTPS and we have a redirect, serve it.
|
||||
|
|
@ -189,6 +188,11 @@ func httpOneServer(address string, handler http.Handler, https bool) challengeSe
|
|||
if https {
|
||||
tlsConfig = &tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
// Only accept TLS 1.0 and TLS 1.1. This is a temporary restriction, to
|
||||
// make it possible to test Boulder features that log when validation hits
|
||||
// an HTTPS URL that doesn't support TLS >1.2. Once Let's Encrypt turns
|
||||
// off TLS 1.0 and TLS 1.1 support in validations, remove this line.
|
||||
MaxVersion: tls.VersionTLS11,
|
||||
}
|
||||
}
|
||||
// Create an HTTP Server for HTTP-01 challenges
|
||||
|
|
|
|||
Loading…
Reference in New Issue