Skip to content

Commit

Permalink
home: imp err
Browse files Browse the repository at this point in the history
  • Loading branch information
@ainar-g
ainar-g committed Nov 22, 2022
1 parent fd65a99 commit 5101433
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions internal/home/tls.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -513,6 +513,11 @@ func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
return nil
}

// errNoIPInCert is the error that is returned from [parseCertChain] if the leaf
// certificate doesn't contain IPs.
const errNoIPInCert errors.Error = `certificates has no IP addresses; ` +
`DNS-over-TLS won't be advertised via DDR`

// parseCertChain parses the certificate chain from raw data, and returns it.
// If ok is true, the returned error, if any, is not critical.
func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) {
Expand All @@ -535,8 +540,7 @@ func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err
log.Info("tls: number of certs: %d", len(parsedCerts))

if !aghtls.CertificateHasIP(parsedCerts[0]) {
err = errors.Error(`certificate has no IP addresses` +
`, this may cause issues with DNS-over-TLS clients`)
err = errNoIPInCert
}

return parsedCerts, true, err
Expand Down

0 comments on commit 5101433

Please sign in to comment.