Add new check: HTTPS-SNI
parent
4d25665835
commit
3967a4e279
3 changed files with 32 additions and 6 deletions
|
|
@ -619,6 +619,9 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
|
|||
glueErr = err
|
||||
}
|
||||
|
||||
snicheck1 := false
|
||||
snicheck1_tested := false
|
||||
|
||||
// Check DNS
|
||||
if addr, err := check_dns(std.MyDelegatedDomain(), dnsIP); err == nil {
|
||||
if addr == nil {
|
||||
|
|
@ -658,6 +661,8 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
|
|||
if glueErr != nil {
|
||||
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], fmt.Errorf("Unable to perform the test due to GLUE problem: %w", glueErr))
|
||||
} else if err := check_https(std.MyDelegatedDomain(), addr.String()); err == nil {
|
||||
snicheck1 = true
|
||||
snicheck1_tested = true
|
||||
if verbose {
|
||||
log.Printf("%s just unlocked HTTPS challenge\n", std.Login)
|
||||
}
|
||||
|
|
@ -665,6 +670,7 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
|
|||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||
}
|
||||
} else {
|
||||
snicheck1_tested = true
|
||||
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonDelegatedDomain], err)
|
||||
if verbose {
|
||||
log.Printf("%s and HTTPS (with DNS ip=%s): %s\n", std.Login, addr.String(), err)
|
||||
|
|
@ -770,6 +776,16 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
|
|||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSonAssociatedDomain], ""); err != nil {
|
||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||
}
|
||||
|
||||
// SNI check: validate if this check + HTTPS on delegation is validated
|
||||
if snicheck1 {
|
||||
if verbose {
|
||||
log.Printf("%s just unlocked HTTPS-SNI challenge\n", std.Login)
|
||||
}
|
||||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSSNI], ""); err != nil {
|
||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||
}
|
||||
}
|
||||
} else {
|
||||
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSonAssociatedDomain], err)
|
||||
if verbose {
|
||||
|
|
@ -778,6 +794,13 @@ func studentChecker(std *adlin.Student, also_check_matrix bool) {
|
|||
}
|
||||
}
|
||||
|
||||
if snicheck1_tested && !snicheck1 {
|
||||
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSSNI], fmt.Errorf("associated and delegated domain are not accessible through HTTPS at the same time, see errors for thoses checks"))
|
||||
if verbose {
|
||||
log.Printf("%s and HTTPS-SNI: %s\n", std.Login, "associated and delegated domains not accessible at the same time through HTTPS")
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
})
|
||||
}
|
||||
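Review bot: HTTPS-SNI gets neither an unlock nor an error when the delegated-domain HTTPS check passes but the associated-domain check fails, because the closing guard `if snicheck1_tested && !snicheck1` only fires when the delegated check itself failed. In the `else` branch that registers the HTTPSonAssociatedDomain error, add `if snicheck1 { std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSSNI], err) }` so that state is reported as well. The flag also only records that two separate HTTPS checks passed; nothing in these hunks shows that both names are served from the same address with the certificate chosen per requested name, so a comment stating what `check_https` verifies (server name sent, certificate hostname validated) would help, to be confirmed in its definition outside this diff. Minor: the new `fmt.Errorf` message has no format verbs and reads "thoses checks"; it should read "those checks". The body of studentChecker starts before the first hunk, and the associated-domain check's condition is not visible here.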
|
|
|
|||
|
|
@ -9,6 +9,7 @@ const (
|
|||
DNSDelegation
|
||||
HTTPonDelegatedDomain
|
||||
HTTPSonDelegatedDomain
|
||||
HTTPSSNI
|
||||
MatrixSrv
|
||||
MatrixClt
|
||||
SNI
|
||||
|
|
@ -29,9 +30,10 @@ var CheckMap = map[int]map[AdlinTest]int{
|
|||
DNSDelegation: 103,
|
||||
HTTPonDelegatedDomain: 104,
|
||||
HTTPSonDelegatedDomain: 105,
|
||||
MatrixSrv: 106,
|
||||
MatrixClt: 107,
|
||||
DNSSEC: 108,
|
||||
HTTPSSNI: 106,
|
||||
MatrixSrv: 107,
|
||||
MatrixClt: 108,
|
||||
DNSSEC: 109,
|
||||
},
|
||||
3: map[AdlinTest]int{
|
||||
PingResolver: 200,
|
||||
|
|
|
|||