feat: take out CNAME support from experimental features (go-acme#1718)
ldez authored Sep 19, 2022
1 parent 0d7ee5e commit af37b94
Showing 8 changed files with 60 additions and 26 deletions.
5 changes: 4 additions & 1 deletion .golangci.toml
Expand Up @@ -125,7 +125,10 @@
text = "(tlsFeatureExtensionOID|ocspMustStapleFeature) is a global variable"
[[issues.exclude-rules]]
path = "challenge/dns01/nameserver.go"
text = "(defaultNameservers|recursiveNameservers|dnsTimeout|fqdnSoaCache|muFqdnSoaCache) is a global variable"
text = "(defaultNameservers|recursiveNameservers|fqdnSoaCache|muFqdnSoaCache) is a global variable"
[[issues.exclude-rules]]
path = "challenge/dns01/nameserver_.+.go"
text = "dnsTimeout is a global variable"
[[issues.exclude-rules]]
path = "challenge/dns01/nameserver_test.go"
text = "findXByFqdnTestCases is a global variable"
41 changes: 26 additions & 15 deletions challenge/dns01/dns_challenge.go
Expand Up @@ -176,22 +176,33 @@ func GetRecord(domain, keyAuth string) (fqdn, value string) {
keyAuthShaBytes := sha256.Sum256([]byte(keyAuth))
// base64URL encoding without padding
value = base64.RawURLEncoding.EncodeToString(keyAuthShaBytes[:sha256.Size])
fqdn = fmt.Sprintf("_acme-challenge.%s.", domain)

if ok, _ := strconv.ParseBool(os.Getenv("LEGO_EXPERIMENTAL_CNAME_SUPPORT")); ok {
// recursion counter so it doesn't spin out of control
for limit := 0; limit < 50; limit++ {
// Keep following CNAMEs
r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
// Check if the domain has CNAME then use that
if err == nil && r.Rcode == dns.RcodeSuccess {
fqdn = updateDomainWithCName(r, fqdn)
} else {
// No more CNAME records to follow, exit
return
}

fqdn = getChallengeFqdn(domain)

return
}

func getChallengeFqdn(domain string) string {
fqdn := fmt.Sprintf("_acme-challenge.%s.", domain)

if ok, _ := strconv.ParseBool(os.Getenv("LEGO_DISABLE_CNAME_SUPPORT")); ok {
return fqdn
}

// recursion counter so it doesn't spin out of control
for limit := 0; limit < 50; limit++ {
// Keep following CNAMEs
r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)

// Check if the domain has CNAME then use that
if err == nil && r.Rcode == dns.RcodeSuccess {
fqdn = updateDomainWithCName(r, fqdn)
continue
}

// No more CNAME records to follow, exit
break
}

return
return fqdn
}
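Review bot: In getChallengeFqdn the error from `strconv.ParseBool(os.Getenv("LEGO_DISABLE_CNAME_SUPPORT"))` is discarded, so a value such as `yes` or `off` silently keeps CNAME following on; now that following is the default rather than an experimental opt-in, a misspelt opt-out is a real behaviour surprise. Consider `disable, err := strconv.ParseBool(v)` with the error reported instead of dropped, and document the variable — the hunk in docs/content/dns/_index.md only deletes the experimental section and nothing in this commit describes the new opt-out. In the loop, a resolver error or a non-NOERROR rcode is folded into the `break` with no diagnostic, so a transient SERVFAIL places the TXT record at the un-followed name; logging the error before breaking would make that visible. GetRecord's doc comment, which starts outside the hunk, should also state that every call now issues live CNAME queries against recursiveNameservers — the egDomain change in providers/dns/acmedns/acmedns_test.go looks like a consequence of that.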
3 changes: 0 additions & 3 deletions challenge/dns01/nameserver.go
Expand Up @@ -13,9 +13,6 @@ import (

const defaultResolvConf = "/etc/resolv.conf"

// dnsTimeout is used to override the default DNS timeout of 10 seconds.
var dnsTimeout = 10 * time.Second

var (
fqdnSoaCache = map[string]*soaCacheEntry{}
muFqdnSoaCache sync.Mutex
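--- /dev/null
+++ b/challenge/dns01/nameserver_unix.go
@@ -0,0 +1,8 @@
+//go:build !windows
+
+package dns01
+
+import "time"
+
+// dnsTimeout is used to override the default DNS timeout of 10 seconds.
+var dnsTimeout = 10 * time.Second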
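Review bot: The comment `// dnsTimeout is used to override the default DNS timeout of 10 seconds.` describes the variable as an override of the value it itself defines; it reads as a leftover from the single-file version. Since the variable is presumably the timeout this package applies to its lookups, something like `// dnsTimeout is the per-query timeout for DNS lookups on non-Windows platforms.` says what a reader needs. The same wording appears in challenge/dns01/nameserver_windows.go, where the value is 20 seconds with no explanation of why Windows gets twice the budget — a one-line comment recording the reason would stop the next maintainer from "harmonising" the two.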
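--- /dev/null
+++ b/challenge/dns01/nameserver_windows.go
@@ -0,0 +1,8 @@
+//go:build windows
+
+package dns01
+
+import "time"
+
+// dnsTimeout is used to override the default DNS timeout of 20 seconds.
+var dnsTimeout = 20 * time.Second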
5 changes: 0 additions & 5 deletions docs/content/dns/_index.md
Expand Up @@ -45,11 +45,6 @@ $ CLOUDFLARE_EMAIL_FILE=/the/path/to/my/email \
lego --dns cloudflare --domains www.example.com --email [email protected] run
```

## Experimental Features

To resolve CNAME when creating dns-01 challenge:
set `LEGO_EXPERIMENTAL_CNAME_SUPPORT` to `true`.

## DNS Providers

{{% tableofdnsproviders %}}
2 changes: 1 addition & 1 deletion providers/dns/acmedns/acmedns_test.go
Expand Up @@ -18,7 +18,7 @@ var (

const (
// Fixed test data for unit tests.
egDomain = "threeletter.agency"
egDomain = "example.com"
egFQDN = "_acme-challenge." + egDomain + "."
egKeyAuth = "⚷"
)
14 changes: 13 additions & 1 deletion providers/dns/versio/versio_test.go
Expand Up @@ -2,6 +2,7 @@ package versio

import (
"fmt"
"io"
"net/http"
"net/http/httptest"
"testing"
Expand Down Expand Up @@ -231,7 +232,10 @@ func muxSuccess() *http.ServeMux {
})

mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
log.Printf("Not Found for Request: (%+v)\n\n", r)
log.Printf("unexpected request: %+v\n\n", r)
data, _ := io.ReadAll(r.Body)
defer func() { _ = r.Body.Close() }()
log.Println(string(data))
http.NotFound(w, r)
})

Expand Down Expand Up @@ -267,6 +271,14 @@ func muxFailToCreateTXT() *http.ServeMux {
w.WriteHeader(http.StatusBadRequest)
})

mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
log.Printf("unexpected request: %+v\n\n", r)
data, _ := io.ReadAll(r.Body)
defer func() { _ = r.Body.Close() }()
log.Println(string(data))
http.NotFound(w, r)
})

return mux
}
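Review bot: The catch-all `/` handler added to muxSuccess and repeated verbatim in muxFailToCreateTXT duplicates six lines of logging; a shared helper registered with `mux.HandleFunc("/", unexpectedRequest)` keeps the two in step. Inside it, `data, _ := io.ReadAll(r.Body)` drops the read error, which is the one thing this diagnostic handler exists to show when a request goes wrong, and the `defer r.Body.Close()` is not needed in a server handler because net/http closes the request body after ServeHTTP returns. Both functions start outside the hunk.
```go
// unexpectedRequest logs any request no route matched, including its body, and answers 404.
func unexpectedRequest(w http.ResponseWriter, r *http.Request) {
	log.Printf("unexpected request: %+v\n\n", r)
	data, err := io.ReadAll(r.Body)
	if err != nil {
		log.Printf("reading request body: %v", err)
	}
	log.Println(string(data))
	http.NotFound(w, r)
}

// … unchanged: muxSuccess and muxFailToCreateTXT routes …
mux.HandleFunc("/", unexpectedRequest)
```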
