mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-21 12:35:33 +03:00
Merge branch 'master' into 4927-refactor-tls
This commit is contained in:
commit
0c7d56dca3
3 changed files with 30 additions and 7 deletions
|
@ -393,6 +393,7 @@
|
|||
"encryption_issuer": "Issuer",
|
||||
"encryption_hostnames": "Hostnames",
|
||||
"encryption_reset": "Are you sure you want to reset encryption settings?",
|
||||
"encryption_warning": "Warning",
|
||||
"topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings</0>.",
|
||||
"topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings</0>.",
|
||||
"form_error_port_range": "Enter port number in the range of 80-65535",
|
||||
|
|
|
@ -56,6 +56,26 @@ const clearFields = (change, setTlsConfig, t) => {
|
|||
}
|
||||
};
|
||||
|
||||
const validationMessage = (warningValidation, isWarning) => {
|
||||
if (!warningValidation) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (isWarning) {
|
||||
return (
|
||||
<div className="col-12">
|
||||
<p><Trans>encryption_warning</Trans>: {warningValidation}</p>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
return (
|
||||
<div className="col-12">
|
||||
<p className="text-danger">{warningValidation}</p>
|
||||
</div>
|
||||
);
|
||||
};
|
||||
|
||||
let Form = (props) => {
|
||||
const {
|
||||
t,
|
||||
|
@ -95,6 +115,8 @@ let Form = (props) => {
|
|||
|| !valid_cert
|
||||
|| !valid_pair;
|
||||
|
||||
const isWarning = valid_key && valid_cert && valid_pair;
|
||||
|
||||
return (
|
||||
<form onSubmit={handleSubmit}>
|
||||
<div className="row">
|
||||
|
@ -382,11 +404,7 @@ let Form = (props) => {
|
|||
)}
|
||||
</div>
|
||||
</div>
|
||||
{warning_validation && (
|
||||
<div className="col-12">
|
||||
<p className="text-danger">{warning_validation}</p>
|
||||
</div>
|
||||
)}
|
||||
{validationMessage(warning_validation, isWarning)}
|
||||
</div>
|
||||
|
||||
<div className="btn-list mt-2">
|
||||
|
|
|
@ -252,6 +252,11 @@ func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
|
|||
return nil
|
||||
}
|
||||
|
||||
// errNoIPInCert is the error that is returned from [parseCertChain] if the leaf
|
||||
// certificate doesn't contain IPs.
|
||||
const errNoIPInCert errors.Error = `certificates has no IP addresses; ` +
|
||||
`DNS-over-TLS won't be advertised via DDR`
|
||||
|
||||
// parseCertChain parses the certificate chain from raw data, and returns it.
|
||||
// If ok is true, the returned error, if any, is not critical.
|
||||
func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) {
|
||||
|
@ -274,8 +279,7 @@ func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err
|
|||
log.Info("tls: number of certs: %d", len(parsedCerts))
|
||||
|
||||
if !aghtls.CertificateHasIP(parsedCerts[0]) {
|
||||
err = errors.Error(`certificate has no IP addresses` +
|
||||
`, this may cause issues with DNS-over-TLS clients`)
|
||||
err = errNoIPInCert
|
||||
}
|
||||
|
||||
return parsedCerts, true, err
|
||||
|
|
Loading…
Reference in a new issue