Open fpietrosanti opened 6 years ago
Reference for fix #2139
When is this Let's Encrypt script code executed? Is it done at the frontend level by the user, or is it a background process?
@yogken: letsencrypt is enabled by the user at front end level and the code is executed synchronously on the backend.
I think a proper fix would be to prevent configuring an IP address in the hostname configuration.
Current behavior: Actually, GlobaLeaks does allow the end user to insert an IP address in the procedure for Let's Encrypt certificate activation, triggering an error in the backend.
Expected behavior: GlobaLeaks should do strict validation of what's acceptable as a hostname to be used for LE certificate enrollment.
Example error when activating over IP address:
Platform: WB_PROVA_AMA#1
Host: 10.10.50.159
Version: 3.3.11
acme.messages.Error ACME error.
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/twisted/internet/defer.py", line 1384, in _inlineCallbacks
    result = result.throwExceptionIntoGenerator(g)
  File "/usr/lib/python3/dist-packages/twisted/python/failure.py", line 408, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 562, in put
    yield acme_cert_issuance(self.request.tid)
  File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 250, in inContext
    result = inContext.theWork()
  File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 266, in <lambda>
    inContext.theWork = lambda: context.call(ctx, func, *args, **kw)
  File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 122, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 85, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python3/dist-packages/globaleaks/orm.py", line 109, in _wrap
    result = function(session, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 542, in acme_cert_issuance
    return db_acme_cert_issuance(session, tid)
  File "/usr/lib/python3/dist-packages/globaleaks/handlers/admin/https.py", line 532, in db_acme_cert_issuance
    Settings.acme_directory_url)
  File "/usr/lib/python3/dist-packages/globaleaks/utils/letsencrypt.py", line 66, in run_acme_reg_to_finish
    order = client.new_order(csr)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 608, in new_order
    response = self._post(self.directory['newOrder'], order)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 93, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1082, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1096, in _post_once
    return self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 956, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: Error creating new order :: Issuance for IP addresses not supported
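
One way to implement the strict hostname validation asked for above, run before any ACME order is created. This is an added example, not GlobaLeaks code: the function name `acme_hostname_error`, the reason strings and the reserved-suffix list are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label in LDH form (RFC 1123): 1-63 of a-z, 0-9, "-", no edge hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Assumption: special-use suffixes that are never publicly resolvable,
# so validation by a public CA cannot succeed for them.
_NON_PUBLIC_TLDS = {"local", "localhost", "internal", "test", "invalid", "example"}


def acme_hostname_error(value):
    """Return None if `value` can be sent as an ACME "dns" identifier,
    otherwise a short reason to show the admin instead of a backend error."""
    host = value.lower()
    if host.endswith("."):          # tolerate one trailing root dot
        host = host[:-1]
    if not host or len(host) > 253:
        return "empty or too long"
    try:                            # IPv4/IPv6 literals, bracketed or not
        ipaddress.ip_address(host.strip("[]"))
        return "IP address, not a DNS name"
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return "not a fully qualified domain name"
    for label in labels:            # also rejects schemes, ports, "*", "_"
        if not _LABEL.fullmatch(label):
            return "invalid label %r" % label
    tld = labels[-1]
    if tld[0].isdigit():            # e.g. "10.10.50" or "0x0a.0x0a.0x32.0x9f"
        return "top-level label looks numeric"
    if tld in _NON_PUBLIC_TLDS:
        return "reserved or non-public suffix"
    return None


if __name__ == "__main__":
    # Constructed inputs; the first is the host from the report above.
    for candidate in ("10.10.50.159", "[2001:db8::1]", "10.10.50",
                      "box.local", "https://example.org", "example.org"):
        print("%-22s %s" % (candidate, acme_hostname_error(candidate) or "ok"))
```

Internationalized names have to be converted to their `xn--` form before this check, since only ASCII labels pass it.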