router: work around chrome agressive ct caching (#86)

David Dollar 2020-01-29 08:45:11 -05:00 committed by GitHub
parent 5192c09625
commit 981cfc00e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -234,20 +234,27 @@ func (r *Router) Upstream() (string, error) {
return fmt.Sprintf("%s:53", cc.Servers[0]), nil
}
func (r *Router) autocertHostPolicy(ctx context.Context, host string) error {
ts, err := r.storage.TargetList(host)
if err != nil {
return err
}
if len(ts) == 0 {
return fmt.Errorf("unknown host")
}
// work around chrome's agressive CT caching
time.Sleep(5 * time.Second)
return nil
}
func (r *Router) generateCertificateAutocert(m *autocert.Manager) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
if hello.ServerName == "" {
return common.CertificateSelfSigned("convox")
}
ts, err := r.storage.TargetList(hello.ServerName)
if err != nil {
return nil, err
}
if len(ts) == 0 {
return nil, fmt.Errorf("unknown host")
}
c, err := m.GetCertificate(hello)
if err != nil {
fmt.Printf("err: %+v\n", err)
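Review bot: The `time.Sleep(5 * time.Second)` added in autocertHostPolicy ignores the ctx parameter, so a handshake whose context is cancelled or times out still parks its goroutine for the full delay, and since the policy runs inside certificate issuance each first-seen valid host pays it on the handshake path. The wait should be bounded by the context, e.g. `select { case <-ctx.Done(): return ctx.Err() case <-time.After(5 * time.Second): }`, which keeps the same delay for the success case while letting a cancelled handshake return promptly. The comment should also say why a fixed delay helps here (what Chrome caches and what the wait gives time for) rather than only naming the workaround, and "agressive" is misspelled. Minor: `fmt.Errorf("unknown host")` with no format verbs is better written as `errors.New("unknown host")` in both places.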
@ -367,8 +374,9 @@ func (r *Router) setupHTTP() error {
func (r *Router) setupHTTPAutocert() error {
m := &autocert.Manager{
Cache: r.cache,
Prompt: autocert.AcceptTOS,
Cache: r.cache,
HostPolicy: r.autocertHostPolicy,
Prompt: autocert.AcceptTOS,
}
ln, err := tls.Listen("tcp", fmt.Sprintf(":443"), &tls.Config{