diff --git a/letsencrypt/client/plugins/nginx/configurator.py b/letsencrypt/client/plugins/nginx/configurator.py index 47a732070..84588ffe8 100644 --- a/letsencrypt/client/plugins/nginx/configurator.py +++ b/letsencrypt/client/plugins/nginx/configurator.py @@ -378,9 +378,15 @@ class NginxConfigurator(object): sni_regex = re.compile(r"TLS SNI support enabled", re.IGNORECASE) sni_matches = sni_regex.findall(text) + ssl_regex = re.compile(r" --with-http_ssl_module") + ssl_matches = ssl_regex.findall(text) + if not version_matches: raise errors.LetsEncryptConfiguratorError( "Unable to find Nginx version") + if not ssl_matches: + raise errors.LetsEncryptConfiguratorError( + "Nginx build is missing SSL module (--with-http_ssl_module).") if not sni_matches: raise errors.LetsEncryptConfiguratorError( "Nginx build doesn't support SNI") @@ -388,9 +394,7 @@ class NginxConfigurator(object): nginx_version = tuple([int(i) for i in version_matches[0].split(".")]) # nginx < 0.8.21 doesn't use default_server - if (nginx_version[0] == 0 and (nginx_version[1] < 8 or - (nginx_version[1] == 8 and - nginx_version[2] < 21))): + if nginx_version < (0, 8, 21): raise errors.LetsEncryptConfiguratorError( "Nginx version must be 0.8.21+") diff --git a/letsencrypt/client/plugins/nginx/tests/configurator_test.py b/letsencrypt/client/plugins/nginx/tests/configurator_test.py index 225ab1610..0ac0fd8bc 100644 --- a/letsencrypt/client/plugins/nginx/tests/configurator_test.py +++ b/letsencrypt/client/plugins/nginx/tests/configurator_test.py @@ -200,21 +200,43 @@ class NginxConfiguratorTest(util.NginxTest): "nginx/1.6.2 --with-http_ssl_module"])) self.assertEqual(self.config.get_version(), (1, 4, 2)) + mock_popen().communicate.return_value = ( + "", "\n".join(["nginx version: nginx/0.9", + "built by clang 6.0 (clang-600.0.56)" + " (based on LLVM 3.5svn)", + "TLS SNI support enabled", + "configure arguments: --with-http_ssl_module"])) + self.assertEqual(self.config.get_version(), (0, 9)) + mock_popen().communicate.return_value = ( "", "\n".join(["blah 0.0.1", + "built by clang 6.0 (clang-600.0.56)" + " (based on LLVM 3.5svn)", + "TLS SNI support enabled", + "configure arguments: --with-http_ssl_module"])) + self.assertRaises(errors.LetsEncryptConfiguratorError, + self.config.get_version) + + mock_popen().communicate.return_value = ( + "", "\n".join(["nginx version: nginx/1.4.2", "TLS SNI support enabled"])) self.assertRaises(errors.LetsEncryptConfiguratorError, self.config.get_version) mock_popen().communicate.return_value = ( "", "\n".join(["nginx version: nginx/1.4.2", - ""])) + "built by clang 6.0 (clang-600.0.56)" + " (based on LLVM 3.5svn)", + "configure arguments: --with-http_ssl_module"])) self.assertRaises(errors.LetsEncryptConfiguratorError, self.config.get_version) mock_popen().communicate.return_value = ( "", "\n".join(["nginx version: nginx/0.8.1", - ""])) + "built by clang 6.0 (clang-600.0.56)" + " (based on LLVM 3.5svn)", + "TLS SNI support enabled", + "configure arguments: --with-http_ssl_module"])) self.assertRaises(errors.LetsEncryptConfiguratorError, self.config.get_version)