From c6c0209ad45fb7d2e45370ee3a39f2dd437603b0 Mon Sep 17 00:00:00 2001
From: "kali kaneko (leap communications)"
Date: Mon, 17 May 2021 17:50:23 +0200
Subject: [feat] log dns lookup if first cert fetch fails
---
 pkg/vpn/bonafide/eip_service.go | 10 +++++-----
 pkg/vpn/diagnose.go | 19 +++++++++++++++++++
 pkg/vpn/openvpn.go | 3 +++
 3 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100644 pkg/vpn/diagnose.go
(limited to 'pkg')
diff --git a/pkg/vpn/bonafide/eip_service.go b/pkg/vpn/bonafide/eip_service.go
index 5755b6c..c106135 100644
--- a/pkg/vpn/bonafide/eip_service.go
+++ b/pkg/vpn/bonafide/eip_service.go
@@ -79,17 +79,17 @@ func (b *Bonafide) fetchEipJSON() error {
 eip3API := config.APIURL + "3/config/eip-service.json"
 resp, err := b.client.Post(eip3API, "", nil)
 for err != nil {
- log.Printf("Error fetching eip v3 json: %v", err)
- // TODO why exactly 1 retry? Make it configurable, for tests
- time.Sleep(retryFetchJSONSeconds * time.Second)
 resp, err = b.client.Post(eip3API, "", nil)
 if err != nil {
- // TODO it might be that it's not an error, but an empty file or whatever done
+ // TODO it might be that we get no error, but an empty file or whatever done
 // by DNS poisoning. Should try to parse the file.
 uri := b.getURLNoDNS("eip")
- log.Println("Fetching ", uri)
 resp, err = b.client.Post(uri, "", nil)
 }
+ if err != nil {
+ log.Printf("Error fetching eip v3 json: %v", err)
+ time.Sleep(retryFetchJSONSeconds * time.Second)
+ }
 }
 defer resp.Body.Close()
diff --git a/pkg/vpn/diagnose.go b/pkg/vpn/diagnose.go
new file mode 100644
index 0000000..5d12d4d
--- /dev/null
+++ b/pkg/vpn/diagnose.go
@@ -0,0 +1,19 @@
+package vpn
+
+import (
+ "log"
+ "net"
+)
+
+func logDnsLookup(domain string) {
+ addrs, err := net.LookupHost(domain)
+ if err != nil {
+ log.Println("ERROR cannot resolve address:", domain)
+ log.Println(err)
+ }
+
+ log.Println("From here,", domain, "resolves to:")
+ for _, addr := range addrs {
+ log.Println(addr)
+ }
+}
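Review bot: The reordered retry loop in fetchEipJSON now logs only the error of the last attempt: the failure that entered the loop and the failure of the DNS-based retry are both overwritten before the added `if err != nil` block prints anything. The fallback to `b.getURLNoDNS("eip")` exists for the DNS-tampering case the TODO describes, so the DNS-path error is the one worth keeping; log it as the first statement of the inner `if err != nil`, e.g. `log.Printf("Error fetching eip v3 json from %s: %v", eip3API, err)`. With the `Fetching` line removed there is also no record that the no-DNS path was taken, which makes a successful bypass indistinguishable from a normal fetch in the log. The loop still has no attempt limit, so an unreachable provider keeps this call retrying indefinitely. The function body continues outside the hunk.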
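Review bot: logDnsLookup falls through after a failed lookup, so the log shows the error followed by "From here, <domain> resolves to:" with nothing under it, which reads like an empty but successful answer. Add `return` after `log.Println(err)` in the error branch. `net.LookupHost` is also called without a deadline on the certificate path; `net.DefaultResolver.LookupHost(ctx, domain)` with a short `context.WithTimeout` would keep a stalled resolver from delaying the no-DNS fallback. The function has no doc comment; something like `// logDnsLookup logs the addresses the local resolver returns for domain, as a diagnostic when the first fetch fails.` would state its purpose.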
diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index a568a32..244195b 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -202,6 +202,8 @@ func (b *Bitmask) getCert() (certPath string, err error) {
 }
 }
 if failed || !isValidCert(certPath) {
+ d := config.APIURL[8 : len(config.APIURL)-1]
+ logDnsLookup(d)
 cert, err := b.bonafide.GetPemCertificateNoDNS()
 if cert != nil {
 log.Println("Successfully did certificate bypass")
@@ -214,6 +216,7 @@ func (b *Bitmask) getCert() (certPath string, err error) {
 failed = true
 }
 }
+
 return certPath, err
 }
-- cgit v1.2.3
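Review bot: `d := config.APIURL[8 : len(config.APIURL)-1]` assumes APIURL is exactly `https://` + host + `/`; a value shorter than nine bytes panics with a slice-bounds error, and a URL carrying a port, a path or an `http://` scheme hands logDnsLookup a string that is not a hostname. Parse it instead: `u, perr := url.Parse(config.APIURL)` followed by `if perr == nil && u.Hostname() != "" { logDnsLookup(u.Hostname()) }` (this needs `net/url`; the file's import block is not visible in the hunk). A panic at this point would abort getCert before the `GetPemCertificateNoDNS` fallback is tried, so a diagnostic helper would break the path it is meant to explain. getCert's body starts outside this hunk.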