improvement: warning on misconfigured reverse proxy
This commit is contained in:
Timo Kösters
parent
026af6b1a6
commit
226045ea4b
3 changed files with 10 additions and 6 deletions
|
|
@ -52,7 +52,10 @@ impl ServerCertVerifier for MatrixServerVerifier {
|
||||||
if result.is_ok() {
|
if result.is_ok() {
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
info!("Server {:?} is non-compliant, retrying TLS verification with original name", dns_name);
|
info!(
|
||||||
|
"Server {:?} is non-compliant, retrying TLS verification with original name",
|
||||||
|
dns_name
|
||||||
|
);
|
||||||
}
|
}
|
||||||
self.inner
|
self.inner
|
||||||
.verify_server_cert(roots, presented_certs, dns_name, ocsp_response)
|
.verify_server_cert(roots, presented_certs, dns_name, ocsp_response)
|
||||||
|
|
|
||||||
|
|
@ -203,9 +203,6 @@ where
|
||||||
"uri".to_owned(),
|
"uri".to_owned(),
|
||||||
CanonicalJsonValue::String(request.uri().to_string()),
|
CanonicalJsonValue::String(request.uri().to_string()),
|
||||||
);
|
);
|
||||||
|
|
||||||
println!("{}: {:?}", origin, request.uri().to_string());
|
|
||||||
|
|
||||||
request_map.insert(
|
request_map.insert(
|
||||||
"origin".to_owned(),
|
"origin".to_owned(),
|
||||||
CanonicalJsonValue::String(origin.as_str().to_owned()),
|
CanonicalJsonValue::String(origin.as_str().to_owned()),
|
||||||
|
|
@ -252,7 +249,11 @@ where
|
||||||
match ruma::signatures::verify_json(&pub_key_map, &request_map) {
|
match ruma::signatures::verify_json(&pub_key_map, &request_map) {
|
||||||
Ok(()) => (None, None, false),
|
Ok(()) => (None, None, false),
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
warn!("Failed to verify json request from {}: {}", origin, e,);
|
warn!("Failed to verify json request from {}: {}", origin, e);
|
||||||
|
|
||||||
|
if request.uri().to_string().contains('@') {
|
||||||
|
warn!("Request uri contained '@' character. Make sure your reverse proxy gives Conduit the raw uri (apache: use nocanon)");
|
||||||
|
}
|
||||||
|
|
||||||
// Forbidden
|
// Forbidden
|
||||||
return Failure((Status::raw(580), ()));
|
return Failure((Status::raw(580), ()));
|
||||||
|
|
|
||||||
|
|
@ -2201,7 +2201,7 @@ pub async fn fetch_required_signing_keys(
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::{FedDest, add_port_to_hostname, get_ip_with_port};
|
use super::{add_port_to_hostname, get_ip_with_port, FedDest};
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn ips_get_default_ports() {
|
fn ips_get_default_ports() {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue