infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-14 04:54:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

add a bit more logging for non-SNI tls requests

Browse Source 
for peace of mind.

these are probably requests to port 443 without SNI.
This commit is contained in:
Mechiel Lukkien
2023-02-25 12:56:25 +01:00
parent 26fcaa17f5
commit b8fa918d74
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
autotls/autotls.go
View File

@ -52,7 +52,7 @@ var (
// certificates for allowlisted hosts.
type Manager struct {
ACMETLSConfig *tls.Config // For serving HTTPS on port 443, which is required for certificate requests to succeed.
TLSConfig *tls.Config // For all TLS servers not used for validating ACME requests. Like SMTP and HTTPS on ports other than 443.
TLSConfig *tls.Config // For all TLS servers not used for validating ACME requests. Like SMTP and IMAP (including with STARTTLS) and HTTPS on ports other than 443.
Manager *autocert.Manager
shutdown <-chan struct{}
@ -147,7 +147,7 @@ func Load(name, acmeDir, contactEmail, directoryURL string, shutdown <-chan stru
// common for SMTP STARTTLS connections, which often do not care about the
// validation of the certificate.
if hello.ServerName == "" {
log.Debug("tls request without sni servername, rejecting")
log.Debug("tls request without sni servername, rejecting", mlog.Field("localaddr", hello.Conn.LocalAddr()), mlog.Field("supportedprotos", hello.SupportedProtos))
return nil, fmt.Errorf("sni server name required")
}