author | kali kaneko (leap communications) <kali@leap.se> | 2021-05-17 17:50:23 +0200 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2021-05-17 17:57:54 +0200 |
commit | c6c0209ad45fb7d2e45370ee3a39f2dd437603b0 (patch) | |
tree | b374a9536fcb4f3d4fb449db4eab042cef14577c /pkg/vpn | |
parent | 86d30f2a2edc0d9b9c54b51258a6566e37476849 (diff) |
[feat] log dns lookup if first cert fetch fails
Diffstat (limited to 'pkg/vpn')
-rw-r--r-- | pkg/vpn/bonafide/eip_service.go | 10 | ||||
-rw-r--r-- | pkg/vpn/diagnose.go | 19 | ||||
-rw-r--r-- | pkg/vpn/openvpn.go | 3 |
3 files changed, 27 insertions, 5 deletions
diff --git a/pkg/vpn/bonafide/eip_service.go b/pkg/vpn/bonafide/eip_service.go
index 5755b6c..c106135 100644
--- a/pkg/vpn/bonafide/eip_service.go
+++ b/pkg/vpn/bonafide/eip_service.go
@@ -79,17 +79,17 @@ func (b *Bonafide) fetchEipJSON() error {
 eip3API := config.APIURL + "3/config/eip-service.json"
 resp, err := b.client.Post(eip3API, "", nil)
 for err != nil {
- log.Printf("Error fetching eip v3 json: %v", err)
- // TODO why exactly 1 retry? Make it configurable, for tests
- time.Sleep(retryFetchJSONSeconds * time.Second)
 resp, err = b.client.Post(eip3API, "", nil)
 if err != nil {
- // TODO it might be that it's not an error, but an empty file or whatever done
+ // TODO it might be that we get no error, but an empty file or whatever done
 // by DNS poisoning. Should try to parse the file.
 uri := b.getURLNoDNS("eip")
- log.Println("Fetching ", uri)
 resp, err = b.client.Post(uri, "", nil)
 }
+ if err != nil {
+ log.Printf("Error fetching eip v3 json: %v", err)
+ time.Sleep(retryFetchJSONSeconds * time.Second)
+ }
 }
 defer resp.Body.Close()
diff --git a/pkg/vpn/diagnose.go b/pkg/vpn/diagnose.go
new file mode 100644
index 0000000..5d12d4d
--- /dev/null
+++ b/pkg/vpn/diagnose.go
@@ -0,0 +1,19 @@
+package vpn
+
+import (
+ "log"
+ "net"
+)
+
+func logDnsLookup(domain string) {
+ addrs, err := net.LookupHost(domain)
+ if err != nil {
+ log.Println("ERROR cannot resolve address:", domain)
+ log.Println(err)
+ }
+
+ log.Println("From here,", domain, "resolves to:")
+ for _, addr := range addrs {
+ log.Println(addr)
+ }
+}
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index a568a32..244195b 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -202,6 +202,8 @@ func (b *Bitmask) getCert() (certPath string, err error) {
 }
 }
 if failed || !isValidCert(certPath) {
+ d := config.APIURL[8 : len(config.APIURL)-1]
+ logDnsLookup(d)
 cert, err := b.bonafide.GetPemCertificateNoDNS()
 if cert != nil {
 log.Println("Successfully did certificate bypass")
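Review bot: The `for err != nil` loop in fetchEipJSON still has no exit other than success, so when both the regular endpoint and the `getURLNoDNS("eip")` fallback keep failing the caller blocks indefinitely, and the removed TODO about making the retry count configurable is dropped without being addressed. Consider bounding the attempts and returning the last error, for example `for attempt := 0; err != nil && attempt < maxFetchAttempts; attempt++ {` followed after the loop by `if err != nil { return err }`, where `maxFetchAttempts` would be a new constant. The early return is needed so that `defer resp.Body.Close()` is never reached with a nil `resp`. The function body continues past the end of this hunk.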
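Review bot: The error branch of logDnsLookup is missing a `return`, so after a failed `net.LookupHost` the function still prints "From here, <domain> resolves to:" followed by nothing, which reads in the log like a successful lookup with no addresses; add `return` after `log.Println(err)`. `net.LookupHost` also runs with no deadline, and the openvpn.go hunk calls this helper before the no-DNS certificate bypass, so a blackholed resolver delays the recovery path; `net.DefaultResolver.LookupHost(ctx, domain)` with a short `context.WithTimeout` would cap that. The function has no doc comment; `// logDnsLookup logs the addresses the system resolver returns for domain, as a diagnostic when the certificate fetch fails.` would cover it. Go's initialism convention would spell the name `logDNSLookup`.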
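Review bot: `config.APIURL[8 : len(config.APIURL)-1]` assumes the value always starts with `https://` and ends with exactly one `/`. An empty or shorter APIURL panics with a slice-bounds error on the very path meant to recover from a failed fetch, and a URL carrying a port or path hands `host:port/...` to the resolver. Parsing is safer: `if u, perr := url.Parse(config.APIURL); perr == nil { logDnsLookup(u.Hostname()) }` (needs `net/url` imported). getCert begins before and ends after this hunk, so the surrounding control flow is not visible here.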
@@ -214,6 +216,7 @@ func (b *Bitmask) getCert() (certPath string, err error) { failed = true } } + return certPath, err } |