From af37b94b38a607c59b328a780e44e16e74c5eeef Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez
Date: Mon, 19 Sep 2022 11:21:35 +0200
Subject: [PATCH] feat: take out CNAME support from experimental features (#1718)
---
 .golangci.toml | 5 +++-
 challenge/dns01/dns_challenge.go | 41 +++++++++++++++++----------
 challenge/dns01/nameserver.go | 3 --
 challenge/dns01/nameserver_unix.go | 8 ++++++
 challenge/dns01/nameserver_windows.go | 8 ++++++
 docs/content/dns/_index.md | 5 ----
 providers/dns/acmedns/acmedns_test.go | 2 +-
 providers/dns/versio/versio_test.go | 14 ++++++++-
 8 files changed, 60 insertions(+), 26 deletions(-)
 create mode 100644 challenge/dns01/nameserver_unix.go
 create mode 100644 challenge/dns01/nameserver_windows.go
diff --git a/.golangci.toml b/.golangci.toml
index e7a9a560..e7e21518 100644
--- a/.golangci.toml
+++ b/.golangci.toml
@@ -125,7 +125,10 @@ text = "(tlsFeatureExtensionOID|ocspMustStapleFeature) is a global variable"
 [[issues.exclude-rules]]
 path = "challenge/dns01/nameserver.go"
- text = "(defaultNameservers|recursiveNameservers|dnsTimeout|fqdnSoaCache|muFqdnSoaCache) is a global variable"
+ text = "(defaultNameservers|recursiveNameservers|fqdnSoaCache|muFqdnSoaCache) is a global variable"
+ [[issues.exclude-rules]]
+ path = "challenge/dns01/nameserver_.+.go"
+ text = "dnsTimeout is a global variable"
 [[issues.exclude-rules]]
 path = "challenge/dns01/nameserver_test.go"
 text = "findXByFqdnTestCases is a global variable"
diff --git a/challenge/dns01/dns_challenge.go b/challenge/dns01/dns_challenge.go
index 2f335ee4..ca24e7af 100644
--- a/challenge/dns01/dns_challenge.go
+++ b/challenge/dns01/dns_challenge.go
@@ -176,22 +176,33 @@ func GetRecord(domain, keyAuth string) (fqdn, value string) {
 keyAuthShaBytes := sha256.Sum256([]byte(keyAuth))
 // base64URL encoding without padding
 value = base64.RawURLEncoding.EncodeToString(keyAuthShaBytes[:sha256.Size])
- fqdn = fmt.Sprintf("_acme-challenge.%s.", domain)
- if ok, _ := strconv.ParseBool(os.Getenv("LEGO_EXPERIMENTAL_CNAME_SUPPORT")); ok {
- // recursion counter so it doesn't spin out of control
- for limit := 0; limit < 50; limit++ {
- // Keep following CNAMEs
- r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
- // Check if the domain has CNAME then use that
- if err == nil && r.Rcode == dns.RcodeSuccess {
- fqdn = updateDomainWithCName(r, fqdn)
- } else {
- // No more CNAME records to follow, exit
- return
- }
- }
- }
+ fqdn = getChallengeFqdn(domain)
 return
 }
+
+func getChallengeFqdn(domain string) string {
+ fqdn := fmt.Sprintf("_acme-challenge.%s.", domain)
+
+ if ok, _ := strconv.ParseBool(os.Getenv("LEGO_DISABLE_CNAME_SUPPORT")); ok {
+ return fqdn
+ }
+
+ // recursion counter so it doesn't spin out of control
+ for limit := 0; limit < 50; limit++ {
+ // Keep following CNAMEs
+ r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
+
+ // Check if the domain has CNAME then use that
+ if err == nil && r.Rcode == dns.RcodeSuccess {
+ fqdn = updateDomainWithCName(r, fqdn)
+ continue
+ }
+
+ // No more CNAME records to follow, exit
+ break
+ }
+
+ return fqdn
+}
diff --git a/challenge/dns01/nameserver.go b/challenge/dns01/nameserver.go
index a6947e9c..4762dc57 100644
--- a/challenge/dns01/nameserver.go
+++ b/challenge/dns01/nameserver.go
@@ -13,9 +13,6 @@ import (
 const defaultResolvConf = "/etc/resolv.conf"
-// dnsTimeout is used to override the default DNS timeout of 10 seconds.
-var dnsTimeout = 10 * time.Second
 var (
 fqdnSoaCache = map[string]*soaCacheEntry{}
 muFqdnSoaCache sync.Mutex
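Review bot: getChallengeFqdn re-issues the same CNAME query for the full 50 iterations whenever dnsQuery returns RcodeSuccess with no CNAME in the answer — a NODATA response, which is what `_acme-challenge.<domain>.` yields once a TXT record from an earlier run exists — provided updateDomainWithCName returns fqdn unchanged in that case (its body is outside this hunk, so please confirm). Comparing before looping closes it: `if next := updateDomainWithCName(r, fqdn); next != fqdn { fqdn = next; continue }` in place of the two lines inside the if, with the existing `break` as the fall-through. Because CNAME following is now the default rather than opt-in, a resolver error in dnsQuery silently degrades to the un-followed name and the later validation of a delegated record will presumably fail with nothing in the client log; logging err before the break (and reporting when the 50-hop limit is exhausted) would make that diagnosable. The new opt-out `LEGO_DISABLE_CNAME_SUPPORT` is documented nowhere in this patch — the docs hunk only deletes the old experimental section — so a doc comment such as `// getChallengeFqdn returns the record name for domain, following CNAMEs from _acme-challenge.<domain>. unless LEGO_DISABLE_CNAME_SUPPORT is true.` and a paragraph in docs/content/dns/_index.md belong with this change. GetRecord's opening lines are outside the hunk.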
diff --git a/challenge/dns01/nameserver_unix.go b/challenge/dns01/nameserver_unix.go
new file mode 100644
index 00000000..a3cbad13
--- /dev/null
+++ b/challenge/dns01/nameserver_unix.go
@@ -0,0 +1,8 @@
+//go:build !windows
+
+package dns01
+
+import "time"
+
+// dnsTimeout is used to override the default DNS timeout of 10 seconds.
+var dnsTimeout = 10 * time.Second
diff --git a/challenge/dns01/nameserver_windows.go b/challenge/dns01/nameserver_windows.go
new file mode 100644
index 00000000..739e54a4
--- /dev/null
+++ b/challenge/dns01/nameserver_windows.go
@@ -0,0 +1,8 @@
+//go:build windows
+
+package dns01
+
+import "time"
+
+// dnsTimeout is used to override the default DNS timeout of 20 seconds.
+var dnsTimeout = 20 * time.Second
diff --git a/docs/content/dns/_index.md b/docs/content/dns/_index.md
index 0bdc1ba2..eba5e4b7 100644
--- a/docs/content/dns/_index.md
+++ b/docs/content/dns/_index.md
@@ -45,11 +45,6 @@ $ CLOUDFLARE_EMAIL_FILE=/the/path/to/my/email \
 lego --dns cloudflare --domains www.example.com --email you@example.com run
 ```
-## Experimental Features
-
-To resolve CNAME when creating dns-01 challenge:
-set `LEGO_EXPERIMENTAL_CNAME_SUPPORT` to `true`.
-
 ## DNS Providers
 {{% tableofdnsproviders %}}
diff --git a/providers/dns/acmedns/acmedns_test.go b/providers/dns/acmedns/acmedns_test.go
index 4f5f5031..bce36c7a 100644
--- a/providers/dns/acmedns/acmedns_test.go
+++ b/providers/dns/acmedns/acmedns_test.go
@@ -18,7 +18,7 @@ var (
 const (
 // Fixed test data for unit tests.
- egDomain = "threeletter.agency"
+ egDomain = "example.com"
 egFQDN = "_acme-challenge." + egDomain + "."
 egKeyAuth = "⚷"
 )
diff --git a/providers/dns/versio/versio_test.go b/providers/dns/versio/versio_test.go
index 026a20d4..7144d43a 100644
--- a/providers/dns/versio/versio_test.go
+++ b/providers/dns/versio/versio_test.go
@@ -2,6 +2,7 @@ package versio
 import (
 "fmt"
+ "io"
 "net/http"
 "net/http/httptest"
 "testing"
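Review bot: The comment on dnsTimeout in nameserver_windows.go (and its twin in nameserver_unix.go) says the variable "is used to override the default DNS timeout", but the variable is itself that default — nothing in either file overrides anything — and it does not say why Windows gets 20 s where every other platform gets 10 s. Since the two files exist only to differ in this one constant, that reason is the single thing a reader needs; I would replace the comment with `// dnsTimeout bounds each DNS query; the Windows build uses 20s rather than the 10s of the !windows build — TODO state why (slower system resolver?)` with the real reason filled in by the author. The exclude rule in .golangci.toml is widened to `nameserver_.+.go` for this global, so the comment must stay accurate in both files as they evolve.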
@@ -231,7 +232,10 @@ func muxSuccess() *http.ServeMux {
 })
 mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
- log.Printf("Not Found for Request: (%+v)\n\n", r)
+ log.Printf("unexpected request: %+v\n\n", r)
+ data, _ := io.ReadAll(r.Body)
+ defer func() { _ = r.Body.Close() }()
+ log.Println(string(data))
 http.NotFound(w, r)
 })
@@ -267,6 +271,14 @@ func muxFailToCreateTXT() *http.ServeMux {
 w.WriteHeader(http.StatusBadRequest)
 })
+ mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+ log.Printf("unexpected request: %+v\n\n", r)
+ data, _ := io.ReadAll(r.Body)
+ defer func() { _ = r.Body.Close() }()
+ log.Println(string(data))
+ http.NotFound(w, r)
+ })
+
 return mux
 }
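Review bot: The catch-all handler added to muxFailToCreateTXT is a byte-for-byte copy of the one added to muxSuccess in the previous hunk, so the two will drift; a package-level `func logUnexpected(w http.ResponseWriter, r *http.Request)` holding that body and `mux.HandleFunc("/", logUnexpected)` in both muxes keeps one copy. Inside it, `defer func() { _ = r.Body.Close() }()` is redundant on the server side — net/http documents that the server closes the request body and the handler need not — and the unbounded `io.ReadAll` is acceptable only because this is a test server, which a one-line comment should say so it is not lifted into non-test code. Note also that `%+v` on *http.Request prints the full header map, including any credential header the Versio client sends; with the fake credentials in these tests that is harmless, but the line lands in CI output, so a comment such as `// headers are logged in full: test credentials only` records that this was considered. muxFailToCreateTXT's start is outside the hunk.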