| author | Indrajit Raychaudhuri <irc@indrajit.com> | 2023-12-26 10:30:49 -0600 | 
|---|---|---|
| committer | Indrajit Raychaudhuri <irc@indrajit.com> | 2023-12-26 11:40:35 -0600 | 
| commit | 78beafea3a8385e3595d80f3f2dd246dfecb9276 (patch) | |
| tree | 66f4c8c7afef1b3f28f5cac4f0a1a4defc114030 /src | |
| parent | 3b6f2e35db7955cb212b01bb412070e0861bab7a (diff) | |
| download | vyos-1x-78beafea3a8385e3595d80f3f2dd246dfecb9276.tar.gz vyos-1x-78beafea3a8385e3595d80f3f2dd246dfecb9276.zip | |
ddclient: T5144: Warn against configuration with broken IP lookup service
We always enable HTTPS in ddclient configuration, however
`http://checkip.dyndns.org` is HTTP only and does not support HTTPS.
Warn the user if they are using this service.
Also, make `url` in `web-options` mandatory.
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/dns_dynamic.py | 12 | 
1 files changed, 11 insertions, 1 deletions
|
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
index 809c650d9..99fa8feee 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/dns_dynamic.py
@@ -15,7 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
-
+import re
 from sys import exit
 from vyos.base import Warning
@@ -103,6 +103,16 @@ def verify(dyndns):
                 raise ConfigError(f'"web-options" is applicable only when using HTTP(S) '
                                   f'web request to obtain the IP address')
+        # Warn if using checkip.dyndns.org, as it does not support HTTPS
+        # See: https://github.com/ddclient/ddclient/issues/597
+        if 'web_options' in config:
+            if 'url' not in config['web_options']:
+                raise ConfigError(f'"url" in "web-options" {error_msg_req} '
+                                  f'with protocol "{config["protocol"]}"')
+            elif re.search("^(https?://)?checkip\.dyndns\.org", config['web_options']['url']):
+                Warning(f'"checkip.dyndns.org" does not support HTTPS requests for IP address '
+                        f'lookup. Please use a different IP address lookup service.')
+
         # RFC2136 uses 'key' instead of 'password'
         if config['protocol'] != 'nsupdate' and 'password' not in config:
             raise ConfigError(f'"password" {error_msg_req}')
|
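Review bot: The pattern given to `re.search` in the new `elif` is an ordinary string literal containing `\.`, which Python flags as an invalid escape sequence (a DeprecationWarning, and a SyntaxWarning from 3.12), so it should be a raw string. The match is also case-sensitive and has no host boundary, so `CheckIP.DynDNS.org` slips past the warning while `checkip.dyndns.org.example.net` triggers it; `re.search(r'^(https?://)?checkip\.dyndns\.org(?=[:/]|$)', config['web_options']['url'], re.IGNORECASE)` would cover both. Because the commit message says HTTPS is always enabled, it may be worth warning on any explicit `http://` URL rather than this one host, so that a lookup which only works over cleartext is not configured unnoticed; this is inferred from the description, not visible in the hunk. The body of `verify` starts and ends outside the hunk.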
