authorkali kaneko (leap communications) <kali@leap.se>2021-05-17 17:50:23 +0200
committerkali kaneko (leap communications) <kali@leap.se>2021-05-17 17:57:54 +0200
commitc6c0209ad45fb7d2e45370ee3a39f2dd437603b0 (patch)
treeb374a9536fcb4f3d4fb449db4eab042cef14577c /pkg
parent86d30f2a2edc0d9b9c54b51258a6566e37476849 (diff)
[feat] log dns lookup if first cert fetch fails
Diffstat (limited to 'pkg')
-rw-r--r--pkg/vpn/bonafide/eip_service.go10
-rw-r--r--pkg/vpn/diagnose.go19
-rw-r--r--pkg/vpn/openvpn.go3
3 files changed, 27 insertions, 5 deletions
diff --git a/pkg/vpn/bonafide/eip_service.go b/pkg/vpn/bonafide/eip_service.go
index 5755b6c..c106135 100644
--- a/pkg/vpn/bonafide/eip_service.go
+++ b/pkg/vpn/bonafide/eip_service.go
@@ -79,17 +79,17 @@ func (b *Bonafide) fetchEipJSON() error {
eip3API := config.APIURL + "3/config/eip-service.json"
resp, err := b.client.Post(eip3API, "", nil)
for err != nil {
- log.Printf("Error fetching eip v3 json: %v", err)
- // TODO why exactly 1 retry? Make it configurable, for tests
- time.Sleep(retryFetchJSONSeconds * time.Second)
resp, err = b.client.Post(eip3API, "", nil)
if err != nil {
- // TODO it might be that it's not an error, but an empty file or whatever done
+ // TODO it might be that we get no error, but an empty file or whatever done
// by DNS poisoning. Should try to parse the file.
uri := b.getURLNoDNS("eip")
- log.Println("Fetching ", uri)
resp, err = b.client.Post(uri, "", nil)
}
+ if err != nil {
+ log.Printf("Error fetching eip v3 json: %v", err)
+ time.Sleep(retryFetchJSONSeconds * time.Second)
+ }
}
defer resp.Body.Close()
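Review bot: The error from the hostname-based retry `b.client.Post(eip3API, "", nil)` is overwritten by the `getURLNoDNS` fallback before anything is logged, and with `log.Println("Fetching ", uri)` removed the log no longer shows that the DNS-bypassing path was taken. That fallback exists for blocked or tampered resolution, so the lost line is exactly what distinguishes a DNS problem from a general outage; I would log before the fallback, e.g. `log.Printf("Error fetching eip v3 json from %s, retrying without DNS: %v", eip3API, err)`. The loop `for err != nil` also has no attempt limit, so an API that stays unreachable keeps this call sleeping and retrying indefinitely. fetchEipJSON continues outside the hunk.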
diff --git a/pkg/vpn/diagnose.go b/pkg/vpn/diagnose.go
new file mode 100644
index 0000000..5d12d4d
--- /dev/null
+++ b/pkg/vpn/diagnose.go
@@ -0,0 +1,19 @@
+package vpn
+
+import (
+ "log"
+ "net"
+)
+
+func logDnsLookup(domain string) {
+ addrs, err := net.LookupHost(domain)
+ if err != nil {
+ log.Println("ERROR cannot resolve address:", domain)
+ log.Println(err)
+ }
+
+ log.Println("From here,", domain, "resolves to:")
+ for _, addr := range addrs {
+ log.Println(addr)
+ }
+}
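Review bot: After a failed `net.LookupHost` the function falls through and still prints `From here, <domain> resolves to:` followed by nothing, which reads in the log like a successful lookup with an empty answer; add `return` after `log.Println(err)`. Go naming would spell this `logDNSLookup`, and a one-line doc comment saying that it logs what the system resolver returns for the domain, for diagnosing blocked or tampered resolution, would help the next reader. `net.LookupHost` is called without a deadline, so a hanging resolver would presumably delay the caller; confirm that is acceptable on the certificate path.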
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index a568a32..244195b 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -202,6 +202,8 @@ func (b *Bitmask) getCert() (certPath string, err error) {
}
}
if failed || !isValidCert(certPath) {
+ d := config.APIURL[8 : len(config.APIURL)-1]
+ logDnsLookup(d)
cert, err := b.bonafide.GetPemCertificateNoDNS()
if cert != nil {
log.Println("Successfully did certificate bypass")
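Review bot: `config.APIURL[8 : len(config.APIURL)-1]` assumes the value is exactly `https://` plus host plus a trailing `/`; a value shorter than nine bytes panics with a slice-bounds error, and an `http://` scheme, a port or a path yields a string that is not the hostname. Parsing the URL is safer: `if u, perr := url.Parse(config.APIURL); perr == nil && u.Hostname() != "" { logDnsLookup(u.Hostname()) }`, which needs `net/url` imported in this file. getCert starts before and continues after the hunk.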
@@ -214,6 +216,7 @@ func (b *Bitmask) getCert() (certPath string, err error) {
failed = true
}
}
+
return certPath, err
}