feat: take out CNAME support from experimental features (#1718)

2022-09-19 11:21:35 +02:00 · 2022-09-19 11:21:35 +02:00 · af37b94b38
commit af37b94b38
parent 0d7ee5e750
8 changed files with 60 additions and 26 deletions
--- a/.golangci.toml
+++ b/.golangci.toml
@ -125,7 +125,10 @@
    text = "(tlsFeatureExtensionOID|ocspMustStapleFeature) is a global variable"
  [[issues.exclude-rules]]
    path = "challenge/dns01/nameserver.go"
-    text = "(defaultNameservers|recursiveNameservers|dnsTimeout|fqdnSoaCache|muFqdnSoaCache) is a global variable"
+    text = "(defaultNameservers|recursiveNameservers|fqdnSoaCache|muFqdnSoaCache) is a global variable"
+  [[issues.exclude-rules]]
+    path = "challenge/dns01/nameserver_.+.go"
+    text = "dnsTimeout is a global variable"
  [[issues.exclude-rules]]
    path = "challenge/dns01/nameserver_test.go"
    text = "findXByFqdnTestCases is a global variable"
--- a/challenge/dns01/dns_challenge.go
+++ b/challenge/dns01/dns_challenge.go
@ -176,22 +176,33 @@ func GetRecord(domain, keyAuth string) (fqdn, value string) {
 	keyAuthShaBytes := sha256.Sum256([]byte(keyAuth))
 	// base64URL encoding without padding
 	value = base64.RawURLEncoding.EncodeToString(keyAuthShaBytes[:sha256.Size])
-	fqdn = fmt.Sprintf("_acme-challenge.%s.", domain)

-	if ok, _ := strconv.ParseBool(os.Getenv("LEGO_EXPERIMENTAL_CNAME_SUPPORT")); ok {
-		// recursion counter so it doesn't spin out of control
-		for limit := 0; limit < 50; limit++ {
-			// Keep following CNAMEs
-			r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
-			// Check if the domain has CNAME then use that
-			if err == nil && r.Rcode == dns.RcodeSuccess {
-				fqdn = updateDomainWithCName(r, fqdn)
-			} else {
-				// No more CNAME records to follow, exit
-				return
-			}
-		}
-	}
+	fqdn = getChallengeFqdn(domain)

 	return
 }
+
+func getChallengeFqdn(domain string) string {
+	fqdn := fmt.Sprintf("_acme-challenge.%s.", domain)
+
+	if ok, _ := strconv.ParseBool(os.Getenv("LEGO_DISABLE_CNAME_SUPPORT")); ok {
+		return fqdn
+	}
+
+	// recursion counter so it doesn't spin out of control
+	for limit := 0; limit < 50; limit++ {
+		// Keep following CNAMEs
+		r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
+
+		// Check if the domain has CNAME then use that
+		if err == nil && r.Rcode == dns.RcodeSuccess {
+			fqdn = updateDomainWithCName(r, fqdn)
+			continue
+		}
+
+		// No more CNAME records to follow, exit
+		break
+	}
+
+	return fqdn
+}
--- a/challenge/dns01/nameserver.go
+++ b/challenge/dns01/nameserver.go
@ -13,9 +13,6 @@ import (

 const defaultResolvConf = "/etc/resolv.conf"

-// dnsTimeout is used to override the default DNS timeout of 10 seconds.
-var dnsTimeout = 10 * time.Second
-
 var (
 	fqdnSoaCache   = map[string]*soaCacheEntry{}
 	muFqdnSoaCache sync.Mutex
--- a/challenge/dns01/nameserver_unix.go
+++ b/challenge/dns01/nameserver_unix.go
@ -0,0 +1,8 @@
+//go:build !windows
+
+package dns01
+
+import "time"
+
+// dnsTimeout is used to override the default DNS timeout of 10 seconds.
+var dnsTimeout = 10 * time.Second
--- a/challenge/dns01/nameserver_windows.go
+++ b/challenge/dns01/nameserver_windows.go
@ -0,0 +1,8 @@
+//go:build windows
+
+package dns01
+
+import "time"
+
+// dnsTimeout is used to override the default DNS timeout of 20 seconds.
+var dnsTimeout = 20 * time.Second
--- a/docs/content/dns/_index.md
+++ b/docs/content/dns/_index.md
@ -45,11 +45,6 @@ $ CLOUDFLARE_EMAIL_FILE=/the/path/to/my/email \
  lego --dns cloudflare --domains www.example.com --email you@example.com run
 ```

-## Experimental Features
-
-To resolve CNAME when creating dns-01 challenge:
-set `LEGO_EXPERIMENTAL_CNAME_SUPPORT` to `true`.
-
 ## DNS Providers

 {{% tableofdnsproviders %}}
--- a/providers/dns/acmedns/acmedns_test.go
+++ b/providers/dns/acmedns/acmedns_test.go
@ -18,7 +18,7 @@ var (

 const (
 	// Fixed test data for unit tests.
-	egDomain  = "threeletter.agency"
+	egDomain  = "example.com"
 	egFQDN    = "_acme-challenge." + egDomain + "."
 	egKeyAuth = "⚷"
 )
--- a/providers/dns/versio/versio_test.go
+++ b/providers/dns/versio/versio_test.go
@ -2,6 +2,7 @@ package versio

 import (
 	"fmt"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@ -231,7 +232,10 @@ func muxSuccess() *http.ServeMux {
 	})

 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		log.Printf("Not Found for Request: (%+v)\n\n", r)
+		log.Printf("unexpected request: %+v\n\n", r)
+		data, _ := io.ReadAll(r.Body)
+		defer func() { _ = r.Body.Close() }()
+		log.Println(string(data))
 		http.NotFound(w, r)
 	})

@ -267,6 +271,14 @@ func muxFailToCreateTXT() *http.ServeMux {
 		w.WriteHeader(http.StatusBadRequest)
 	})

+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		log.Printf("unexpected request: %+v\n\n", r)
+		data, _ := io.ReadAll(r.Body)
+		defer func() { _ = r.Body.Close() }()
+		log.Println(string(data))
+		http.NotFound(w, r)
+	})
+
 	return mux
 }