roster-server 2.2.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +26 -2
- package/package.json +1 -1
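--- a/package/index.js
+++ b/package/index.js
@@ -3,6 +3,7 @@ const path = require('path');
 const http = require('http');
 const https = require('https');
 const tls = require('tls');
+const crypto = require('crypto');
 const { EventEmitter } = require('events');
 const Greenlock = require('./vendor/greenlock-express/greenlock-express.js');
 const GreenlockShim = require('./vendor/greenlock-express/greenlock-shim.js');
@@ -89,6 +90,16 @@ function buildCertLookupCandidates(servername) {
 return candidates;
 }
 
+function certCoversName(certPem, name) {
+try {
+const x509 = new crypto.X509Certificate(certPem);
+const san = (x509.subjectAltName || '').toLowerCase();
+return san.split(',').some(entry => entry.trim() === `dns:${name.toLowerCase()}`);
+} catch {
+return false;
+}
+}
+
 function parseBooleanFlag(value, fallback = false) {
 if (value === undefined || value === null || value === '') return fallback;
 const normalized = String(value).trim().toLowerCase();
@@ -909,10 +920,22 @@ class Roster {
 };
 const ensureBunDefaultPems = async (primaryDomain) => {
 let pems = await issueAndReloadPemsForServername(primaryDomain);
+
+const needsWildcard = this.combineWildcardCerts
+&& this.wildcardZones.has(primaryDomain)
+&& this.dnsChallenge;
+
+if (pems && needsWildcard && !certCoversName(pems.cert, `*.${primaryDomain}`)) {
+log.warn(`⚠️ Existing cert for ${primaryDomain} lacks *.${primaryDomain} SAN — clearing stale cert for combined re-issuance`);
+const certDir = path.join(greenlockStorePath, 'live', primaryDomain);
+try { fs.rmSync(certDir, { recursive: true, force: true }); } catch {}
+pems = null;
+}
+
 if (pems) return pems;
 
 const certSubject = primaryDomain.startsWith('*.') ? wildcardRoot(primaryDomain) : primaryDomain;
-log.warn(`⚠️ Bun
+log.warn(`⚠️ Bun: requesting ${needsWildcard ? 'combined wildcard' : ''} certificate for ${certSubject} via Greenlock before HTTPS bind`);
 try {
 await greenlockRuntime.get({ servername: certSubject });
 } catch (error) {
@@ -1074,4 +1097,5 @@ module.exports.isBunRuntime = isBunRuntime;
 module.exports.wildcardRoot = wildcardRoot;
 module.exports.hostMatchesWildcard = hostMatchesWildcard;
 module.exports.wildcardSubjectForHost = wildcardSubjectForHost;
-module.exports.buildCertLookupCandidates = buildCertLookupCandidates;
+module.exports.buildCertLookupCandidates = buildCertLookupCandidates;
+module.exports.certCoversName = certCoversName;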
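Review bot: The `try { fs.rmSync(certDir, { recursive: true, force: true }); } catch {}` at new line 931 in the `ensureBunDefaultPems` hunk swallows a failed removal, yet the code has already logged that the stale cert is being cleared and still sets `pems = null`; if the directory survives (permissions, a file in use), the subsequent `greenlockRuntime.get` can presumably hand back the same non-wildcard cert, so the combined re-issuance never happens and the warning repeats on every start. Log the failure instead of discarding it: `} catch (error) { log.warn(`⚠️ Could not clear ${certDir}: ${error.message}`); }`. Note also that `certCoversName` (hunk 2) returns false for any PEM that `X509Certificate` cannot parse, so this branch deletes the stored cert in that case too — a JSDoc line on `certCoversName` should state that an unparsable certificate is treated as covering nothing and that only `DNS:` SAN entries are matched (the subject CN is ignored). `certDir` is built from `primaryDomain` for a recursive delete; presumably it is already validated as a hostname upstream — confirm. The arrow function's body continues outside the hunk.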