Disallow using the same domaine for association and delegation
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
0e7b829b46
commit
db9254174a
2 changed files with 23 additions and 5 deletions
|
|
@ -789,11 +789,18 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
|
|||
|
||||
// SNI check: validate if this check + HTTPS on delegation is validated
|
||||
if snicheck1 {
|
||||
if verbose {
|
||||
log.Printf("%s just unlocked HTTPS-SNI challenge\n", std.Login)
|
||||
}
|
||||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSSNI], ""); err != nil {
|
||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||
if std.MyAssociatedDomain() == std.MyDelegatedDomain() {
|
||||
std.RegisterChallengeError(CheckMap[tunnel_version][HTTPSSNI], fmt.Errorf("associated and delegated domains have to be different. Please use eg. adlin.example.com as associated domain and wonderfulwebsite.example.com as delegation. Feel free to choose whatever you want that doesn't already exists in your zone!"))
|
||||
if verbose {
|
||||
log.Printf("%s and HTTPS-SNI: %s\n", std.Login, "associated and delegated domains not accessible at the same time through HTTPS")
|
||||
}
|
||||
} else {
|
||||
if verbose {
|
||||
log.Printf("%s just unlocked HTTPS-SNI challenge\n", std.Login)
|
||||
}
|
||||
if _, err := std.UnlockChallenge(CheckMap[tunnel_version][HTTPSSNI], ""); err != nil {
|
||||
log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
|
|
|
|||
Reference in a new issue