mirror/tlstunnel
1
1
Fork 0
mirror of https://git.sr.ht/~emersion/tlstunnel synced 2024-11-19 15:53:50 +01:00
Code

Put managed names in an allow-list for validate_command

Browse Source
This commit is contained in:
Simon Ser 2021-08-03 15:27:02 +02:00
parent a154e708fc
commit 615fb32fda
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
directives.go
View File

@ -192,11 +192,21 @@ func parseTLSOnDemand(srv *Server, d *scfg.Directive) error {
return err return err
} }
} }
// If the user has explicitly requested a certificate for this
// name to be maintained, no need to perform the command check
for _, n := range srv.ManagedNames {
if strings.EqualFold(n, name) {
return nil
}
}
cmd := exec.Command(cmdName, child.Params[1:]...) cmd := exec.Command(cmdName, child.Params[1:]...)
cmd.Env = append(os.Environ(), "TLSTUNNEL_NAME="+name) cmd.Env = append(os.Environ(), "TLSTUNNEL_NAME="+name)
if err := cmd.Run(); err != nil { if err := cmd.Run(); err != nil {
return fmt.Errorf("failed to validate domain %q with command %q: %v", name, cmdName, err) return fmt.Errorf("failed to validate domain %q with command %q: %v", name, cmdName, err)
} }
return nil return nil
} }
default: default: