Add include to every VirtualHost if definite one not found based on name

2026-01-26 07:41:33 +03:00 · 2018-01-17 14:08:45 +02:00
parent f420b19492
commit b8f288a372
2 changed files with 24 additions and 5 deletions
--- a/certbot-apache/certbot_apache/http_01.py
+++ b/certbot-apache/certbot_apache/http_01.py
@@ -36,6 +36,7 @@ class ApacheHttp01(common.TLSSNI01):
        self.challenge_dir = os.path.join(
            self.configurator.config.work_dir,
            "http_challenges")
+        self.moded_vhosts = set()

    def perform(self):
        """Perform all HTTP-01 challenges."""
@@ -71,14 +72,16 @@ class ApacheHttp01(common.TLSSNI01):
                    self.configurator.enable_mod(mod, temp=True)

    def _mod_config(self):
-        moded_vhosts = set()
        for chall in self.achalls:
            vh = self.configurator.find_best_http_vhost(
                chall.domain, filter_defaults=False,
                port=str(self.configurator.config.http01_port))
-            if vh and vh not in moded_vhosts:
+            if vh:
                self._set_up_include_directive(vh)
-                moded_vhosts.add(vh)
+            else:
+                for vh in self.configurator.vhosts:
+                    if not vh.ssl:
+                        self._set_up_include_directive(vh)

        self.configurator.reverter.register_file_creation(
            True, self.challenge_conf)
@@ -121,5 +124,11 @@ class ApacheHttp01(common.TLSSNI01):
    def _set_up_include_directive(self, vhost):
        """Includes override configuration to the beginning of VirtualHost.
        Note that this include isn't added to Augeas search tree"""
-        self.configurator.parser.add_dir_beginning(vhost.path, "Include",
-                                                   self.challenge_conf)
+
+        if vhost not in self.moded_vhosts:
+            logger.debug(
+                "Adding a temporary challenge validation Include for name: %s " +
+                "in: %s", vhost.name, vhost.filep)
+            self.configurator.parser.add_dir_beginning(
+                vhost.path, "Include", self.challenge_conf)
+            self.moded_vhosts.add(vhost)
--- a/certbot-apache/certbot_apache/tests/http_01_test.py
+++ b/certbot-apache/certbot_apache/tests/http_01_test.py
@@ -129,6 +129,16 @@ class ApacheHttp01Test(util.ApacheTest):
        ]
        self.common_perform_test(achalls, [vhost])

+    def test_anonymous_vhost(self):
+        vhosts = [v for v in self.config.vhosts if not v.ssl]
+        achalls = [
+            achallenges.KeyAuthorizationAnnotatedChallenge(
+                challb=acme_util.chall_to_challb(
+                    challenges.HTTP01(token=((b'a' * 16))),
+                    "pending"),
+                domain="something.nonexistent", account_key=self.account_key)]
+        self.common_perform_test(achalls, vhosts)
+
    def common_perform_test(self, achalls, vhosts):
        """Tests perform with the given achalls."""
        challenge_dir = self.http.challenge_dir