
Commit bb47873

adferrandDaniel McCarney
authored andcommitted
va: fix tls-alpn-01 challenges with a custom DNS resolver (#265)
Fixes TLS-ALPN-01 challenges when a custom DNS resolver is used. Resolves #264
1 parent c4a4416 commit bb47873

1 file changed

+18
-4
lines changed


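--- a/va/va.go
+++ b/va/va.go
@@ -342,7 +342,7 @@ func (va VAImpl) validateDNS01(task *vaTask) *core.ValidationRecord {
 
 func (va VAImpl) validateTLSALPN01(task *vaTask) *core.ValidationRecord {
 portString := strconv.Itoa(va.tlsPort)
-hostPort := net.JoinHostPort(task.Identifier.Value, portString)
+
 var serverNameIdentifier string
 switch task.Identifier.Type {
 case acme.IdentifierDNS:
@@ -351,11 +351,25 @@ func (va VAImpl) validateTLSALPN01(task *vaTask) *core.ValidationRecord {
 serverNameIdentifier = reverseaddr(task.Identifier.Value)
 }
 result := &core.ValidationRecord{
-URL: hostPort,
+URL: net.JoinHostPort(task.Identifier.Value, portString),
 ValidatedAt: time.Now(),
 }
 
-cs, problem := va.fetchConnectionState(hostPort, &tls.Config{
+addrs, err := va.resolveIP(task.Identifier.Value)
+
+if err != nil {
+result.Error = acme.MalformedProblem(
+fmt.Sprintf("Error occurred while resolving URL %q: %q", task.Identifier.Value, err))
+return result
+}
+
+if len(addrs) == 0 {
+result.Error = acme.MalformedProblem(
+fmt.Sprintf("Could not resolve URL %q", task.Identifier.Value))
+return result
+}
+
+cs, problem := va.fetchConnectionState(net.JoinHostPort(addrs[0], portString), &tls.Config{
 ServerName: serverNameIdentifier,
 NextProtos: []string{acme.ACMETLS1Protocol},
 InsecureSkipVerify: true,
@@ -397,7 +411,7 @@ func (va VAImpl) validateTLSALPN01(task *vaTask) *core.ValidationRecord {
 "Incorrect validation certificate for %s challenge. "+
 "Requested %s from %s. Received %d certificate(s), "+
 "first certificate had names %q",
-acme.ChallengeTLSALPN01, task.Identifier, hostPort, len(certs), names)
+acme.ChallengeTLSALPN01, task.Identifier, net.JoinHostPort(task.Identifier.Value, portString), len(certs), names)
 result.Error = acme.UnauthorizedProblem(errText)
 return result
 }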
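Review bot: Only `addrs[0]` is handed to `fetchConnectionState` (new line 372), so a name that resolves to several addresses fails validation whenever the first one is unreachable, even if another would have answered; the HTTP-01 path is not visible here, but if it iterates over the resolved addresses this function should do the same, otherwise a one-line comment such as `// Only the first resolved address is attempted; resolution order is up to the resolver.` would at least make the choice explicit. The ValidationRecord still records only the hostname-based URL while the handshake actually went to a resolver-chosen IP; if the record type has a field for the address used, populating it with `addrs[0]` would keep the audit trail honest about where the challenge was actually validated. The two new error strings call the identifier a "URL" although `task.Identifier.Value` is a host name or IP; `"Error occurred while resolving %q: %q"` and `"Could not resolve %q"` would be more accurate. The enclosing function extends beyond the last hunk.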
