diff options
| author | Robert Scheck <robert@fedoraproject.org> | 2018-02-05 15:37:23 +0100 |
|---|---|---|
| committer | Robert Scheck <robert@fedoraproject.org> | 2018-02-05 15:37:23 +0100 |
| commit | de07c82a4df73982b1ef798aa0b0a4ffafa8cdeb (patch) | |
| tree | b89f6b8a8b863ca7bffd02ee8e9ecc48346809c4 | |
| parent | 976e5e35f7696e2b2c5abc0d9ade4aa8601e13d6 (diff) | |
| download | nextcloud-server-de07c82a4df73982b1ef798aa0b0a4ffafa8cdeb.tar.gz nextcloud-server-de07c82a4df73982b1ef798aa0b0a4ffafa8cdeb.zip | |
Handle SSL certificate verifications for others than Let's Encrypt
Do no longer (wrongly) rewrite URLs like
* http://example.net/.well-known/pki-validation/file.txt (Comodo)
* http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust)
* http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign)
* http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy)
* http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign)
for automated SSL certificate verifications. All (common commercial)
certificate authorities (CA) except Let's Encrypt (via ACME) seem to
use "pki-validation" rather "acme-challenge" for their domain control
validation (DCV).
Signed-off-by: Robert Scheck <robert@fedoraproject.org>
| -rw-r--r-- | .htaccess | 2 | ||||
| -rw-r--r-- | lib/private/Setup.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/.htaccess b/.htaccess index 7bf8759e383..005f23b64d5 100644 --- a/.htaccess +++ b/.htaccess @@ -63,7 +63,7 @@ RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L] RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L] - RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.* + RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.* RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L] </IfModule> <IfModule mod_mime.c> diff --git a/lib/private/Setup.php b/lib/private/Setup.php index 92246e8322e..c72b5f8bb8b 100644 --- a/lib/private/Setup.php +++ b/lib/private/Setup.php @@ -482,7 +482,7 @@ class Setup { $content .= "\n RewriteCond %{REQUEST_FILENAME} !/robots.txt"; $content .= "\n RewriteCond %{REQUEST_FILENAME} !/updater/"; $content .= "\n RewriteCond %{REQUEST_FILENAME} !/ocs-provider/"; - $content .= "\n RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*"; + $content .= "\n RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*"; $content .= "\n RewriteRule . index.php [PT,E=PATH_INFO:$1]"; $content .= "\n RewriteBase " . $rewriteBase; $content .= "\n <IfModule mod_env.c>"; |