sts: Treat missing/empty "mx" list as invalid

The "mx" field is required, a policy without it is invalid, so add a check for it. See https://mailarchive.ietf.org/arch/msg/uta/Omqo1Bw6rJbrTMl2Zo69IJr35Qo for more background, in particular the following paragraph: > The "mx" field is required, so if it is missing, the policy is invalid > and should not be honored. (It doesn't make sense to honor the policy > anyway, I would say, since a policy without allowed MXs is essentially a > way of saying, "There should be TLS and the server identity should match > the MX, whatever the MX is." I guess this prevents SSL stripping, but > doesn't prevent DNS injection, so it's of relatively little value.)
2025-12-22 15:27:02 +00:00 · 2017-01-05 14:45:50 -03:00
parent 933ab54cd8
commit fe00750e39
2 changed files with 13 additions and 4 deletions
--- a/internal/sts/sts_test.go
+++ b/internal/sts/sts_test.go
@@ -24,10 +24,10 @@ func TestParsePolicy(t *testing.T) {

 func TestCheckPolicy(t *testing.T) {
 	validPs := []Policy{
-		{Version: "STSv1", Mode: "enforce", MaxAge: 1 * time.Hour},
-		{Version: "STSv1", Mode: "report", MaxAge: 1 * time.Hour},
-		{Version: "STSv1", Mode: "report", MaxAge: 1 * time.Hour,
+		{Version: "STSv1", Mode: "enforce", MaxAge: 1 * time.Hour,
 			MXs: []string{"mx1", "mx2"}},
+		{Version: "STSv1", Mode: "report", MaxAge: 1 * time.Hour,
+			MXs: []string{"mx1"}},
 	}
 	for i, p := range validPs {
 		if err := p.Check(); err != nil {
@@ -42,6 +42,9 @@ func TestCheckPolicy(t *testing.T) {
 		{Policy{Version: "STSv2"}, ErrUnknownVersion},
 		{Policy{Version: "STSv1"}, ErrInvalidMaxAge},
 		{Policy{Version: "STSv1", MaxAge: 1, Mode: "blah"}, ErrInvalidMode},
+		{Policy{Version: "STSv1", MaxAge: 1, Mode: "enforce"}, ErrInvalidMX},
+		{Policy{Version: "STSv1", MaxAge: 1, Mode: "enforce", MXs: []string{}},
+			ErrInvalidMX},
 	}
 	for i, c := range invalid {
 		if err := c.p.Check(); err != c.expected {