ddclient: T5144: Warn against configuration with broken IP lookup ser…

…vice We always enable HTTPS in ddclient configuration, however `http://checkip.dyndns.org` is HTTP only and does not support HTTPS. Warn the user if they are using this service. Also, make `url` in `web-options` mandatory.
vyos · Dec 26, 2023 · 78beafe · 78beafe
1 parent 3b6f2e3
commit 78beafe
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
@@ -15,7 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import os
-
+import re
 from sys import exit
 
 from vyos.base import Warning
@@ -103,6 +103,16 @@ def verify(dyndns):
                 raise ConfigError(f'"web-options" is applicable only when using HTTP(S) '
                                   f'web request to obtain the IP address')
 
+        # Warn if using checkip.dyndns.org, as it does not support HTTPS
+        # See: https://github.com/ddclient/ddclient/issues/597
+        if 'web_options' in config:
+            if 'url' not in config['web_options']:
+                raise ConfigError(f'"url" in "web-options" {error_msg_req} '
+                                  f'with protocol "{config["protocol"]}"')
+            elif re.search("^(https?://)?checkip\.dyndns\.org", config['web_options']['url']):
+                Warning(f'"checkip.dyndns.org" does not support HTTPS requests for IP address '
+                        f'lookup. Please use a different IP address lookup service.')
+
         # RFC2136 uses 'key' instead of 'password'
         if config['protocol'] != 'nsupdate' and 'password' not in config:
             raise ConfigError(f'"password" {error_msg_req}')