compare IPv6 addresses correctly with normalization (#1052)

2026-03-16 17:47:23 +01:00 · 2017-01-15 10:41:12 -05:00
parent 41601a592f
commit 584cfe42c4
2 changed files with 13 additions and 7 deletions
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -4,7 +4,6 @@
 import os, os.path, re, shutil

 from utils import shell, safe_domain_name, sort_domains
-
 import idna

 # SELECTING SSL CERTIFICATES FOR USE IN WEB
@@ -214,6 +213,7 @@ def get_certificates_to_provision(env, show_extended_problems=True, force_domain

 	# Filter out domains that we can't provision a certificate for.
 	def can_provision_for_domain(domain):
+		from status_checks import normalize_ip
 		# Let's Encrypt doesn't yet support IDNA domains.
 		# We store domains in IDNA (ASCII). To see if this domain is IDNA,
 		# we'll see if its IDNA-decoded form is different.
@@ -252,7 +252,7 @@ def get_certificates_to_provision(env, show_extended_problems=True, force_domain
 				return s
 			# END HOTFIX

-			if len(response) != 1 or rdata__str__(response[0]) != value:
+			if len(response) != 1 or normalize_ip(rdata__str__(response[0])) != normalize_ip(value):
 				problems[domain] = "Domain control validation cannot be performed for this domain because DNS points the domain to another machine (%s %s)." % (rtype, ", ".join(rdata__str__(r) for r in response))
 				return False