improvement: warning on misconfigured reverse proxy

next
Timo Kösters 2021-04-24 12:27:46 +02:00
parent 026af6b1a6
commit 226045ea4b
No known key found for this signature in database
GPG Key ID: 24DA7517711A2BA4
3 changed files with 10 additions and 6 deletions


@ -52,7 +52,10 @@ impl ServerCertVerifier for MatrixServerVerifier {
if result.is_ok() { if result.is_ok() {
return result; return result;
} }
info!("Server {:?} is non-compliant, retrying TLS verification with original name", dns_name); info!(
"Server {:?} is non-compliant, retrying TLS verification with original name",
dns_name
);
} }
self.inner self.inner
.verify_server_cert(roots, presented_certs, dns_name, ocsp_response) .verify_server_cert(roots, presented_certs, dns_name, ocsp_response)


@ -203,9 +203,6 @@ where
"uri".to_owned(), "uri".to_owned(),
CanonicalJsonValue::String(request.uri().to_string()), CanonicalJsonValue::String(request.uri().to_string()),
); );
println!("{}: {:?}", origin, request.uri().to_string());
request_map.insert( request_map.insert(
"origin".to_owned(), "origin".to_owned(),
CanonicalJsonValue::String(origin.as_str().to_owned()), CanonicalJsonValue::String(origin.as_str().to_owned()),
@ -252,7 +249,11 @@ where
match ruma::signatures::verify_json(&pub_key_map, &request_map) { match ruma::signatures::verify_json(&pub_key_map, &request_map) {
Ok(()) => (None, None, false), Ok(()) => (None, None, false),
Err(e) => { Err(e) => {
warn!("Failed to verify json request from {}: {}", origin, e,); warn!("Failed to verify json request from {}: {}", origin, e);
if request.uri().to_string().contains('@') {
warn!("Request uri contained '@' character. Make sure your reverse proxy gives Conduit the raw uri (apache: use nocanon)");
}
// Forbidden // Forbidden
return Failure((Status::raw(580), ())); return Failure((Status::raw(580), ()));
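Review bot: The new `if request.uri().to_string().contains('@')` branch sits on the signature-failure path, which any remote sender can reach with a badly signed request, so its message should read as a hint rather than a diagnosis; a literal '@' together with a failed signature does not by itself show that the proxy rewrote the uri. Since the earlier hunk puts `request.uri().to_string()` into `request_map` as the `uri` value passed to `verify_json`, presumably any rewriting by the proxy breaks verification, and a rewritten request without '@' would fail the same way with no hint. I would add a comment above the `if`, `// verify_json covers the uri exactly as received; a literal '@' hints that a proxy decoded the path`, and soften the text to `warn!("Request uri contained '@' character. If this keeps happening, check that your reverse proxy gives Conduit the raw uri (apache: use nocanon)");`. The enclosing function starts outside the hunk and the `Err` arm closes after it.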


@ -2201,7 +2201,7 @@ pub async fn fetch_required_signing_keys(
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::{FedDest, add_port_to_hostname, get_ip_with_port}; use super::{add_port_to_hostname, get_ip_with_port, FedDest};
#[test] #[test]
fn ips_get_default_ports() { fn ips_get_default_ports() {