mirrors/AdGuardHome
1
0
Fork 0
mirror of https://github.com/AdguardTeam/AdGuardHome.git synced 2024-11-21 20:45:33 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into 4927-refactor-tls

Browse source
This commit is contained in:
Ainar Garipov 2022-11-22 17:10:40 +03:00
commit 0c7d56dca3
3 changed files with 30 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
client/src/__locales/en.json
View file

@ -393,6 +393,7 @@
"encryption_issuer": "Issuer", "encryption_issuer": "Issuer",
"encryption_hostnames": "Hostnames", "encryption_hostnames": "Hostnames",
"encryption_reset": "Are you sure you want to reset encryption settings?", "encryption_reset": "Are you sure you want to reset encryption settings?",
"encryption_warning": "Warning",
"topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings</0>.", "topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings</0>.",
"topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings</0>.", "topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings</0>.",
"form_error_port_range": "Enter port number in the range of 80-65535", "form_error_port_range": "Enter port number in the range of 80-65535",

28
client/src/components/Settings/Encryption/Form.js
View file

@ -56,6 +56,26 @@ const clearFields = (change, setTlsConfig, t) => {
} }
}; };
const validationMessage = (warningValidation, isWarning) => {
if (!warningValidation) {
return null;
}
if (isWarning) {
return (
<div className="col-12">
<p><Trans>encryption_warning</Trans>: {warningValidation}</p>
</div>
);
}
return (
<div className="col-12">
<p className="text-danger">{warningValidation}</p>
</div>
);
};
let Form = (props) => { let Form = (props) => {
const { const {
t, t,
@ -95,6 +115,8 @@ let Form = (props) => {
|| !valid_cert || !valid_cert
|| !valid_pair; || !valid_pair;
const isWarning = valid_key && valid_cert && valid_pair;
return ( return (
<form onSubmit={handleSubmit}> <form onSubmit={handleSubmit}>
<div className="row"> <div className="row">
@ -382,11 +404,7 @@ let Form = (props) => {
)} )}
</div> </div>
</div> </div>
{warning_validation && ( {validationMessage(warning_validation, isWarning)}
<div className="col-12">
<p className="text-danger">{warning_validation}</p>
</div>
)}
</div> </div>
<div className="btn-list mt-2"> <div className="btn-list mt-2">

8
internal/home/tls.go
View file

@ -252,6 +252,11 @@ func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
return nil return nil
} }
// errNoIPInCert is the error that is returned from [parseCertChain] if the leaf
// certificate doesn't contain IPs.
const errNoIPInCert errors.Error = `certificates has no IP addresses; ` +
`DNS-over-TLS won't be advertised via DDR`
// parseCertChain parses the certificate chain from raw data, and returns it. // parseCertChain parses the certificate chain from raw data, and returns it.
// If ok is true, the returned error, if any, is not critical. // If ok is true, the returned error, if any, is not critical.
func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) { func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) {
@ -274,8 +279,7 @@ func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err
log.Info("tls: number of certs: %d", len(parsedCerts)) log.Info("tls: number of certs: %d", len(parsedCerts))
if !aghtls.CertificateHasIP(parsedCerts[0]) { if !aghtls.CertificateHasIP(parsedCerts[0]) {
err = errors.Error(`certificate has no IP addresses` + err = errNoIPInCert
`, this may cause issues with DNS-over-TLS clients`)
} }
return parsedCerts, true, err return parsedCerts, true, err