mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-20 17:27:00 +01:00
Don't auto request certificate for localhost and IP-like domains
This commit is contained in:
parent
1162137d5d
commit
4cdb4c2090
@ -565,7 +565,8 @@ request_on_start() ->
|
||||
_ ->
|
||||
case lists:filter(
|
||||
fun(Host) ->
|
||||
not have_cert_for_domain(Host)
|
||||
not (have_cert_for_domain(Host)
|
||||
orelse is_ip_or_localhost(Host))
|
||||
end, all_domains()) of
|
||||
[] -> false;
|
||||
Hosts ->
|
||||
@ -591,6 +592,15 @@ well_known() ->
|
||||
have_cert_for_domain(Host) ->
|
||||
ejabberd_pkix:get_certfile_no_default(Host) /= error.
|
||||
|
||||
-spec is_ip_or_localhost(binary()) -> boolean().
|
||||
is_ip_or_localhost(Host) ->
|
||||
Parts = binary:split(Host, <<".">>),
|
||||
TLD = binary_to_list(lists:last(Parts)),
|
||||
case inet:parse_address(TLD) of
|
||||
{ok, _} -> true;
|
||||
_ -> TLD == "localhost"
|
||||
end.
|
||||
|
||||
-spec have_acme_listener() -> boolean().
|
||||
have_acme_listener() ->
|
||||
lists:any(
|
||||
|
Loading…
Reference in New Issue
Block a user