25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00

Don't auto request certificate for localhost and IP-like domains

This commit is contained in:
Evgeny Khramtsov 2019-09-20 13:03:25 +03:00
parent 1162137d5d
commit 4cdb4c2090

View File

@ -565,7 +565,8 @@ request_on_start() ->
_ -> _ ->
case lists:filter( case lists:filter(
fun(Host) -> fun(Host) ->
not have_cert_for_domain(Host) not (have_cert_for_domain(Host)
orelse is_ip_or_localhost(Host))
end, all_domains()) of end, all_domains()) of
[] -> false; [] -> false;
Hosts -> Hosts ->
@ -591,6 +592,15 @@ well_known() ->
have_cert_for_domain(Host) -> have_cert_for_domain(Host) ->
ejabberd_pkix:get_certfile_no_default(Host) /= error. ejabberd_pkix:get_certfile_no_default(Host) /= error.
-spec is_ip_or_localhost(binary()) -> boolean().
is_ip_or_localhost(Host) ->
Parts = binary:split(Host, <<".">>),
TLD = binary_to_list(lists:last(Parts)),
case inet:parse_address(TLD) of
{ok, _} -> true;
_ -> TLD == "localhost"
end.
-spec have_acme_listener() -> boolean(). -spec have_acme_listener() -> boolean().
have_acme_listener() -> have_acme_listener() ->
lists:any( lists:any(