improvement: warning on misconfigured reverse proxy
This commit is contained in:
Timo Kösters
parent
026af6b1a6
commit
226045ea4b
3 changed files with 10 additions and 6 deletions
|
|
@ -52,7 +52,10 @@ impl ServerCertVerifier for MatrixServerVerifier {
|
|||
if result.is_ok() {
|
||||
return result;
|
||||
}
|
||||
info!("Server {:?} is non-compliant, retrying TLS verification with original name", dns_name);
|
||||
info!(
|
||||
"Server {:?} is non-compliant, retrying TLS verification with original name",
|
||||
dns_name
|
||||
);
|
||||
}
|
||||
self.inner
|
||||
.verify_server_cert(roots, presented_certs, dns_name, ocsp_response)
|
||||
|
|
|
|||
|
|
@ -203,9 +203,6 @@ where
|
|||
"uri".to_owned(),
|
||||
CanonicalJsonValue::String(request.uri().to_string()),
|
||||
);
|
||||
|
||||
println!("{}: {:?}", origin, request.uri().to_string());
|
||||
|
||||
request_map.insert(
|
||||
"origin".to_owned(),
|
||||
CanonicalJsonValue::String(origin.as_str().to_owned()),
|
||||
|
|
@ -252,7 +249,11 @@ where
|
|||
match ruma::signatures::verify_json(&pub_key_map, &request_map) {
|
||||
Ok(()) => (None, None, false),
|
||||
Err(e) => {
|
||||
warn!("Failed to verify json request from {}: {}", origin, e,);
|
||||
warn!("Failed to verify json request from {}: {}", origin, e);
|
||||
|
||||
if request.uri().to_string().contains('@') {
|
||||
warn!("Request uri contained '@' character. Make sure your reverse proxy gives Conduit the raw uri (apache: use nocanon)");
|
||||
}
|
||||
|
||||
// Forbidden
|
||||
return Failure((Status::raw(580), ()));
|
||||
|
|
|
|||
|
|
@ -2201,7 +2201,7 @@ pub async fn fetch_required_signing_keys(
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::{FedDest, add_port_to_hostname, get_ip_with_port};
|
||||
use super::{add_port_to_hostname, get_ip_with_port, FedDest};
|
||||
|
||||
#[test]
|
||||
fn ips_get_default_ports() {
|
||||
|
|
|
|||
Loading…
Reference in a new issue