mirror of
https://github.com/outbackdingo/labca.git
synced 2026-01-27 10:19:34 +00:00
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
diff --git a/va/http.go b/va/http.go
|
|
index dd9f0a998..8af8d1fe8 100644
|
|
--- a/va/http.go
|
|
+++ b/va/http.go
|
|
@@ -349,7 +349,16 @@ func (va *ValidationAuthorityImpl) extractRequestTarget(req *http.Request) (iden
|
|
}
|
|
|
|
if _, err := iana.ExtractSuffix(reqHost); err != nil {
|
|
- return identifier.ACMEIdentifier{}, 0, berrors.ConnectionFailureError("Invalid host in redirect target, must end in IANA registered TLD")
|
|
+ isLabca := false
|
|
+ for _, domain := range va.labcaDomains {
|
|
+ if strings.HasSuffix(reqHost, "."+domain) {
|
|
+ isLabca = true
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if !isLabca {
|
|
+ return identifier.ACMEIdentifier{}, 0, berrors.ConnectionFailureError("Invalid host in redirect target, must end in IANA registered TLD")
|
|
+ }
|
|
}
|
|
|
|
return identifier.NewDNS(reqHost), reqPort, nil
|
|
@@ -397,10 +406,10 @@ func (va *ValidationAuthorityImpl) setupHTTPValidation(
|
|
|
|
// This is a backstop check to avoid connecting to reserved IP addresses.
|
|
// They should have been caught and excluded by `bdns.LookupHost`.
|
|
- err := va.isReservedIPFunc(targetIP)
|
|
- if err != nil {
|
|
- return nil, record, err
|
|
- }
|
|
+ // err := va.isReservedIPFunc(targetIP)
|
|
+ // if err != nil {
|
|
+ // return nil, record, err
|
|
+ // }
|
|
|
|
record.AddressUsed = targetIP
|
|
|