package main
import (
	"fmt"
	"log"
	"net/http"
	"time"
)
/*
openssl req -new -newkey rsa:2048 -nodes -keyout localhost.key -out localhost.csr
openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
*/
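// main starts a minimal HTTPS server on :443 that answers every request with a
// fixed greeting. It is a throwaway local fixture for observing how net/http
// handles a request whose host name carries a trailing dot.
//
// The certificate and key are loaded from localhost.crt and localhost.key in
// the working directory. The openssl commands in the comment above produce a
// self-signed certificate, so clients will not trust it unless certificate
// verification is disabled or the certificate is explicitly trusted.
func main() {
	// Register the route on a private mux instead of http.DefaultServeMux, so
	// handlers that imported packages register globally are never exposed by
	// this listener.
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(res http.ResponseWriter, req *http.Request) {
		fmt.Fprint(res, "Hello Custom World!")
	})

	s := &http.Server{
		// ":443" listens on every interface, not only loopback; binding a port
		// below 1024 usually needs elevated privileges on Unix-like systems.
		Addr:    ":443",
		Handler: mux,
		// The zero value of http.Server imposes no time limits, which lets a
		// slow or stalled client hold a connection open indefinitely.
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      10 * time.Second,
		IdleTimeout:       60 * time.Second,
	}

	log.Println("listening on ", s.Addr)
	// ListenAndServeTLS always returns a non-nil error, so log.Fatal reports
	// the reason (missing cert files, port in use, ...) and exits.
	log.Fatal(s.ListenAndServeTLS("localhost.crt", "localhost.key"))
}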
cat /etc/hosts
127.0.0.1 hey.com
curl -vkL https://hey.com./
HTTP/2 200
content-type: text/plain; charset=utf-8
Hello Custom World!
Also, `curl -vkIL https://google.com./` succeeds, and so does `curl -vkIL https://example.com./`.
So I think we should leave things as is.
This check should probably be removed; https://github.com/komuw/ong/blob/664be60ae7879f2e85ea389ee72530cacb744f10/internal/acme/acme.go#L106-L107
It seems that check was added to `x/crypto/acme` before Go's HTTP infrastructure was updated to deny such domains. See https://github.com/golang/go/issues/18114#issuecomment-264935369
Investigate whether that is true and remove the check.