author | Matt Holt <mholt@users.noreply.github.com> | 2020-05-05 12:37:52 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-05 12:37:52 -0600 |
commit | 2f59467ac3b8f31b0f2ad9af346bb52a045a3db2 (patch) | |
tree | 5dc15fea6849d2b9138656ddb3b7b614dcfc8ec1 | |
parent | 184e8e9f713bf39e82f4677452998bb003de6e6d (diff) |
httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319)
This can lead to nicer, smaller JSON output for Caddyfiles like this:
a {
tls internal
}
b {
tls foo@bar.com
}
i.e. where the tls directive only configures automation policies, and
is merely meant to enable TLS on a server block (if it wasn't implied).
This helps keep implicit config implicit.
Needs a little more testing to ensure it doesn't break anything
important.
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 5 | ||||
-rw-r--r-- | modules/caddytls/connpolicy.go | 13 |
2 files changed, 17 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 775c062..aacaf91 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -416,7 +416,10 @@ func (st *ServerType) serversFromPairings(
 hasCatchAllTLSConnPolicy = true
 }
- srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+ // only append this policy if it actually changes something
+ if !cp.SettingsEmpty() {
+ srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+ }
 }
 }
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 30f7290..1de7c2e 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 return nil
 }
+// SettingsEmpty returns true if p's settings (fields
+// except the matchers) are all empty/unset.
+func (p ConnectionPolicy) SettingsEmpty() bool {
+ return p.CertSelection == nil &&
+ p.CipherSuites == nil &&
+ p.Curves == nil &&
+ p.ALPN == nil &&
+ p.ProtocolMin == "" &&
+ p.ProtocolMax == "" &&
+ p.ClientAuthentication == nil &&
+ p.DefaultSNI == ""
+}
+
 // ClientAuthentication configures TLS client auth.
 type ClientAuthentication struct {
 // A list of base64 DER-encoded CA certificates |
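Review bot: `hasCatchAllTLSConnPolicy = true` is still set in the context lines just above the new `if !cp.SettingsEmpty()` guard, so the flag can report a catch-all policy that was never appended to `srv.TLSConnPolicies`. If code later in serversFromPairings (its body continues outside this hunk) relies on that flag to decide whether a default catch-all policy is needed, a server that also has non-empty policies may end up with none matching this block's hosts, and those handshakes would either be rejected or handled by a policy written for a different site, for example one that carries client authentication. SettingsEmpty ignores matchers by design, so a policy whose only job was to scope hosts is dropped here as well. Consider setting the flag only when the policy is actually appended, or deferring the decision until all policies for the server are known and dropping the empty ones only when every policy is empty.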
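Review bot: SettingsEmpty enumerates the ConnectionPolicy fields by hand, so a field added to the struct later and not added here will be treated as unset, and the caller in httptype.go will silently drop a policy that does carry a setting. Because that changes TLS behaviour without any error, the doc comment should carry a maintenance note such as `// NOTE: every new non-matcher field of ConnectionPolicy must also be checked here.`, ideally backed by a test that fails when the struct gains a field the method does not cover. The `== nil` comparisons also count an empty but non-nil value as a setting; if `CipherSuites`, `Curves` and `ALPN` are slices, as their names suggest, `len(p.CipherSuites) == 0` and its siblings would match the documented "empty/unset" wording.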