author | Evgeny Khramtsov <ekhramtsov@process-one.net> | 2019-09-20 13:03:25 +0300 |
---|---|---|
committer | Evgeny Khramtsov <ekhramtsov@process-one.net> | 2019-09-20 13:03:25 +0300 |
commit | 4cdb4c2090ce2547a2e7920ae2d049644507936a (patch) | |
tree | eb3a54d88d4b353693236b56998d1d4624d5283f /src/ejabberd_acme.erl | |
parent | Add listener for ACME challenge in example config (diff) |
Don't auto request certificate for localhost and IP-like domains
Diffstat (limited to 'src/ejabberd_acme.erl')
-rw-r--r-- | src/ejabberd_acme.erl | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/ejabberd_acme.erl b/src/ejabberd_acme.erl index bedf7b792..b9e7ce10e 100644 --- a/src/ejabberd_acme.erl +++ b/src/ejabberd_acme.erl @@ -565,7 +565,8 @@ request_on_start() -> _ -> case lists:filter( fun(Host) -> - not have_cert_for_domain(Host) + not (have_cert_for_domain(Host) + orelse is_ip_or_localhost(Host)) end, all_domains()) of [] -> false; Hosts -> @@ -591,6 +592,15 @@ well_known() -> have_cert_for_domain(Host) -> ejabberd_pkix:get_certfile_no_default(Host) /= error. +-spec is_ip_or_localhost(binary()) -> boolean(). +is_ip_or_localhost(Host) -> + Parts = binary:split(Host, <<".">>), + TLD = binary_to_list(lists:last(Parts)), + case inet:parse_address(TLD) of + {ok, _} -> true; + _ -> TLD == "localhost" + end. + -spec have_acme_listener() -> boolean(). have_acme_listener() -> lists:any( |