diff options
Diffstat (limited to 'vendor/github.com/xenolf/lego')
4 files changed, 24 insertions, 6 deletions
diff --git a/vendor/github.com/xenolf/lego/.travis.yml b/vendor/github.com/xenolf/lego/.travis.yml index 8cf9aed1b..d7a626e23 100644 --- a/vendor/github.com/xenolf/lego/.travis.yml +++ b/vendor/github.com/xenolf/lego/.travis.yml @@ -1,7 +1,7 @@ language: go go: -- 1.8 -- 1.9 +- 1.8.x +- 1.9.x - tip services: - memcached diff --git a/vendor/github.com/xenolf/lego/acme/dns_challenge.go b/vendor/github.com/xenolf/lego/acme/dns_challenge.go index 133739748..d6844dcd4 100644 --- a/vendor/github.com/xenolf/lego/acme/dns_challenge.go +++ b/vendor/github.com/xenolf/lego/acme/dns_challenge.go @@ -255,6 +255,13 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) { // Check if we got a SOA RR in the answer section if in.Rcode == dns.RcodeSuccess { + + // CNAME records cannot/should not exist at the root of a zone. + // So we skip a domain when a CNAME is found. + if dnsMsgContainsCNAME(in) { + continue + } + for _, ans := range in.Answer { if soa, ok := ans.(*dns.SOA); ok { zone := soa.Hdr.Name @@ -268,6 +275,16 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) { return "", fmt.Errorf("Could not find the start of authority") } +// dnsMsgContainsCNAME checks for a CNAME answer in msg +func dnsMsgContainsCNAME(msg *dns.Msg) bool { + for _, ans := range msg.Answer { + if _, ok := ans.(*dns.CNAME); ok { + return true + } + } + return false +} + // ClearFqdnCache clears the cache of fqdn to zone mappings. Primarily used in testing. func ClearFqdnCache() { fqdnToZone = map[string]string{} diff --git a/vendor/github.com/xenolf/lego/acme/dns_challenge_test.go b/vendor/github.com/xenolf/lego/acme/dns_challenge_test.go index 4a2a7feac..117ac3038 100644 --- a/vendor/github.com/xenolf/lego/acme/dns_challenge_test.go +++ b/vendor/github.com/xenolf/lego/acme/dns_challenge_test.go @@ -43,9 +43,10 @@ var findZoneByFqdnTests = []struct { fqdn string zone string }{ - {"mail.google.com.", "google.com."}, // domain is a CNAME - {"foo.google.com.", "google.com."}, // domain is a non-existent subdomain - {"example.com.ac.", "ac."}, // domain is a eTLD + {"mail.google.com.", "google.com."}, // domain is a CNAME + {"foo.google.com.", "google.com."}, // domain is a non-existent subdomain + {"example.com.ac.", "ac."}, // domain is a eTLD + {"cross-zone-example.assets.sh.", "assets.sh."}, // domain is a cross-zone CNAME } var checkAuthoritativeNssTests = []struct { diff --git a/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go b/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go index 04897aa18..6a30b318a 100644 --- a/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go +++ b/vendor/github.com/xenolf/lego/providers/dns/azure/azure.go @@ -30,7 +30,7 @@ type DNSProvider struct { // NewDNSProvider returns a DNSProvider instance configured for azure. // Credentials must be passed in the environment variables: AZURE_CLIENT_ID, -// AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID +// AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID, AZURE_RESOURCE_GROUP func NewDNSProvider() (*DNSProvider, error) { clientId := os.Getenv("AZURE_CLIENT_ID") clientSecret := os.Getenv("AZURE_CLIENT_SECRET") |