Merge branch 'master' into 4927-refactor-tls

2024-11-21 20:45:33 +03:00 · 2022-11-22 17:10:40 +03:00 · 2022-11-22 17:10:40 +03:00 · 0c7d56dca3
commit 0c7d56dca3
parent f36efa26a4 08282dc4d9
3 changed files with 30 additions and 7 deletions
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@ -393,6 +393,7 @@
    "encryption_issuer": "Issuer",
    "encryption_hostnames": "Hostnames",
    "encryption_reset": "Are you sure you want to reset encryption settings?",
+    "encryption_warning": "Warning",
    "topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings</0>.",
    "topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings</0>.",
    "form_error_port_range": "Enter port number in the range of 80-65535",
--- a/client/src/components/Settings/Encryption/Form.js
+++ b/client/src/components/Settings/Encryption/Form.js
@ -56,6 +56,26 @@ const clearFields = (change, setTlsConfig, t) => {
    }
 };

+const validationMessage = (warningValidation, isWarning) => {
+    if (!warningValidation) {
+        return null;
+    }
+
+    if (isWarning) {
+        return (
+            <div className="col-12">
+                <p><Trans>encryption_warning</Trans>: {warningValidation}</p>
+            </div>
+        );
+    }
+
+    return (
+        <div className="col-12">
+            <p className="text-danger">{warningValidation}</p>
+        </div>
+    );
+};
+
 let Form = (props) => {
    const {
        t,
@ -95,6 +115,8 @@ let Form = (props) => {
        || !valid_cert
        || !valid_pair;

+    const isWarning = valid_key && valid_cert && valid_pair;
+
    return (
        <form onSubmit={handleSubmit}>
            <div className="row">
@ -382,11 +404,7 @@ let Form = (props) => {
                        )}
                    </div>
                </div>
-                {warning_validation && (
-                    <div className="col-12">
-                        <p className="text-danger">{warning_validation}</p>
-                    </div>
-                )}
+                {validationMessage(warning_validation, isWarning)}
            </div>

            <div className="btn-list mt-2">
--- a/internal/home/tls.go
+++ b/internal/home/tls.go
@ -252,6 +252,11 @@ func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
 	return nil
 }

+// errNoIPInCert is the error that is returned from [parseCertChain] if the leaf
+// certificate doesn't contain IPs.
+const errNoIPInCert errors.Error = `certificates has no IP addresses; ` +
+	`DNS-over-TLS won't be advertised via DDR`
+
 // parseCertChain parses the certificate chain from raw data, and returns it.
 // If ok is true, the returned error, if any, is not critical.
 func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) {
@ -274,8 +279,7 @@ func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err
 	log.Info("tls: number of certs: %d", len(parsedCerts))

 	if !aghtls.CertificateHasIP(parsedCerts[0]) {
-		err = errors.Error(`certificate has no IP addresses` +
-			`, this may cause issues with DNS-over-TLS clients`)
+		err = errNoIPInCert
 	}

 	return parsedCerts, true, err