Put managed names in an allow-list for validate_command
This commit is contained in:
Simon Ser
parent
a154e708fc
commit
615fb32fda
|
|
@ -192,11 +192,21 @@ func parseTLSOnDemand(srv *Server, d *scfg.Directive) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If the user has explicitly requested a certificate for this
|
||||||
|
// name to be maintained, no need to perform the command check
|
||||||
|
for _, n := range srv.ManagedNames {
|
||||||
|
if strings.EqualFold(n, name) {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
cmd := exec.Command(cmdName, child.Params[1:]...)
|
cmd := exec.Command(cmdName, child.Params[1:]...)
|
||||||
cmd.Env = append(os.Environ(), "TLSTUNNEL_NAME="+name)
|
cmd.Env = append(os.Environ(), "TLSTUNNEL_NAME="+name)
|
||||||
if err := cmd.Run(); err != nil {
|
if err := cmd.Run(); err != nil {
|
||||||
return fmt.Errorf("failed to validate domain %q with command %q: %v", name, cmdName, err)
|
return fmt.Errorf("failed to validate domain %q with command %q: %v", name, cmdName, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue