improvement: warning on misconfigured reverse proxy

This commit is contained in:
Timo Kösters 2021-04-24 12:27:46 +02:00
parent 026af6b1a6
commit 226045ea4b
No known key found for this signature in database
GPG Key ID: 24DA7517711A2BA4
3 changed files with 10 additions and 6 deletions

View File

@ -52,7 +52,10 @@ impl ServerCertVerifier for MatrixServerVerifier {
if result.is_ok() {
return result;
}
info!("Server {:?} is non-compliant, retrying TLS verification with original name", dns_name);
info!(
"Server {:?} is non-compliant, retrying TLS verification with original name",
dns_name
);
}
self.inner
.verify_server_cert(roots, presented_certs, dns_name, ocsp_response)

View File

@ -203,9 +203,6 @@ where
"uri".to_owned(),
CanonicalJsonValue::String(request.uri().to_string()),
);
println!("{}: {:?}", origin, request.uri().to_string());
request_map.insert(
"origin".to_owned(),
CanonicalJsonValue::String(origin.as_str().to_owned()),
@ -252,7 +249,11 @@ where
match ruma::signatures::verify_json(&pub_key_map, &request_map) {
Ok(()) => (None, None, false),
Err(e) => {
warn!("Failed to verify json request from {}: {}", origin, e,);
warn!("Failed to verify json request from {}: {}", origin, e);
if request.uri().to_string().contains('@') {
warn!("Request uri contained '@' character. Make sure your reverse proxy gives Conduit the raw uri (apache: use nocanon)");
}
// Forbidden
return Failure((Status::raw(580), ()));

View File

@ -2201,7 +2201,7 @@ pub async fn fetch_required_signing_keys(
#[cfg(test)]
mod tests {
use super::{FedDest, add_port_to_hostname, get_ip_with_port};
use super::{add_port_to_hostname, get_ip_with_port, FedDest};
#[test]
fn ips_get_default_ports() {