authorMatt Holt <mholt@users.noreply.github.com>2020-05-05 12:37:52 -0600
committerGitHub <noreply@github.com>2020-05-05 12:37:52 -0600
commit2f59467ac3b8f31b0f2ad9af346bb52a045a3db2 (patch)
tree5dc15fea6849d2b9138656ddb3b7b614dcfc8ec1
parent184e8e9f713bf39e82f4677452998bb003de6e6d (diff)
httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319)
This can lead to nicer, smaller JSON output for Caddyfiles like this: a { tls internal } b { tls foo@bar.com } i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keep implicit config implicit. Needs a little more testing to ensure it doesn't break anything important.
-rw-r--r--caddyconfig/httpcaddyfile/httptype.go5
-rw-r--r--modules/caddytls/connpolicy.go13
2 files changed, 17 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 775c062..aacaf91 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -416,7 +416,10 @@ func (st *ServerType) serversFromPairings(
hasCatchAllTLSConnPolicy = true
}
- srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+ // only append this policy if it actually changes something
+ if !cp.SettingsEmpty() {
+ srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+ }
}
}
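Review bot: `hasCatchAllTLSConnPolicy = true` is still set on the context line above the new guard, so the flag can end up true for a catch-all policy that `!cp.SettingsEmpty()` then keeps out of `srv.TLSConnPolicies`. If code later in serversFromPairings uses the flag to decide whether a fallback policy must be added, a server could be left with only host-specific policies, and the policy a given handshake matches would differ from what the Caddyfile author expects. Consider setting the flag only when the policy is actually appended, and adding an adapter test for a Caddyfile that mixes an empty-settings catch-all block with blocks that do set TLS options. The function starts and ends outside this hunk, so the flag's later use is inferred rather than visible.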
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 30f7290..1de7c2e 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
return nil
}
+// SettingsEmpty returns true if p's settings (fields
+// except the matchers) are all empty/unset.
+func (p ConnectionPolicy) SettingsEmpty() bool {
+ return p.CertSelection == nil &&
+ p.CipherSuites == nil &&
+ p.Curves == nil &&
+ p.ALPN == nil &&
+ p.ProtocolMin == "" &&
+ p.ProtocolMax == "" &&
+ p.ClientAuthentication == nil &&
+ p.DefaultSNI == ""
+}
+
// ClientAuthentication configures TLS client auth.
type ClientAuthentication struct {
// A list of base64 DER-encoded CA certificates
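Review bot: SettingsEmpty hand-lists the settings fields, so a field added to ConnectionPolicy later but not added here would make a policy carrying only that setting look empty, and the adapter change in httptype.go would then silently drop it from the generated config. For a TLS policy that means a hardening option can disappear without an error, so the method deserves a maintenance comment such as `// NOTE: every non-matcher field of ConnectionPolicy must be checked here, or the Caddyfile adapter will discard policies that set only that field.`, ideally backed by a test that fails when the field list drifts. Two smaller points: the `== nil` comparisons treat an allocated but empty slice as a configured setting, which `len(p.CipherSuites) == 0` would avoid if these fields are slices (their types are not visible here). The value receiver also differs from the pointer receiver on buildStandardTLSConfig in the hunk header; `func (p *ConnectionPolicy) SettingsEmpty() bool` would be consistent and avoid copying the struct.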