komuw / ong

ong, is a Go http toolkit.
MIT License

ong/acme: remove check for trailing dot #308

Closed komuw closed 1 year ago

komuw commented 1 year ago

This check should probably be removed; https://github.com/komuw/ong/blob/664be60ae7879f2e85ea389ee72530cacb744f10/internal/acme/acme.go#L106-L107

Seems that check was added to x/crypto/acme before Go http infra was updated to deny such domains. See; https://github.com/golang/go/issues/18114#issuecomment-264935369

Investigate if that is true and remove the check.

komuw commented 1 year ago

Also see; https://github.com/golang/go/blob/go1.20.5/src/crypto/tls/common.go#L1074-L1076

komuw commented 1 year ago

```go
package main

import (
    "fmt"
    "log"
    "net/http"
)

/*
openssl req  -new  -newkey rsa:2048  -nodes  -keyout localhost.key  -out localhost.csr
openssl  x509  -req  -days 365  -in localhost.csr  -signkey localhost.key  -out localhost.crt
*/
func main() {
    // create a custom server
    s := &http.Server{
        Addr:    ":443",
        Handler: nil, // use `http.DefaultServeMux`
    }

    // handle `/` route
    http.HandleFunc("/", func(res http.ResponseWriter, req *http.Request) {
        fmt.Fprint(res, "Hello Custom World!")
    })

    log.Println("listening on   ", s.Addr)
    log.Fatal(s.ListenAndServeTLS("localhost.crt", "localhost.key"))
}
```

```sh
cat /etc/hosts

127.0.0.1 hey.com
```

```sh
curl -vkL https://hey.com./

HTTP/2 200
content-type: text/plain; charset=utf-8
Hello Custom World!
```

komuw commented 1 year ago

Also; `curl -vkIL https://google.com./` succeeds and so does `curl -vkIL https://example.com./`

So I think we should leave things as is.
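
Added example, not part of the thread and not ong's code: a stand-alone Go check of which SNI value reaches a server's `GetCertificate` hook when a Go `crypto/tls` client is given a server name with a trailing dot, as in the `hey.com.` test above. The function name `SNISeenByServer` and the throwaway certificate are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// SNISeenByServer handshakes over an in-memory pipe and returns the SNI given to GetCertificate.
func SNISeenByServer(clientServerName string) (string, error) {
	// Throwaway self-signed certificate, constructed for this example.
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"hey.com"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	seen := make(chan string, 1)
	// TLS 1.2 keeps the handshake lock-step, which the unbuffered net.Pipe needs.
	srvCfg := &tls.Config{MaxVersion: tls.VersionTLS12,
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			seen <- h.ServerName // the name a certificate hook (such as an ACME one) would check
			return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
		}}
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	go tls.Server(s, srvCfg).Handshake()
	// InsecureSkipVerify mirrors curl -k from the thread; ServerName still sets the SNI.
	cli := tls.Client(c, &tls.Config{ServerName: clientServerName, InsecureSkipVerify: true})
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	return <-seen, nil
}

func main() {
	fmt.Println(SNISeenByServer("hey.com.")) // trailing dot on the client side
}
```

With Go's `crypto/tls` client the hook receives `hey.com` for both `hey.com` and `hey.com.`, because the client strips the trailing dot before sending the SNI.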