summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrancis Lavoie <lavofr@gmail.com>2022-03-01 20:02:39 -0500
committerGitHub <noreply@github.com>2022-03-01 20:02:39 -0500
commit5bd96a6ac22849cd9fbbaae5285f0161e272b8e4 (patch)
tree7bfc2dd916612382e5adc3d1a144ccc2e00cde43
parentac14b64e08a6ea63067c62cf1bad9cd6ad823d60 (diff)
httpcaddyfile: Support explicitly turning off `strict_sni_host` (#4592)
-rw-r--r--caddyconfig/httpcaddyfile/serveroptions.go11
-rw-r--r--caddytest/integration/caddyfile_adapt/global_server_options_multi.txt12
2 files changed, 17 insertions, 6 deletions
diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go
index 623f4d7..7a75252 100644
--- a/caddyconfig/httpcaddyfile/serveroptions.go
+++ b/caddyconfig/httpcaddyfile/serveroptions.go
@@ -157,11 +157,14 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error
serverOpts.ExperimentalHTTP3 = true
case "strict_sni_host":
- if d.NextArg() {
- return nil, d.ArgErr()
+ if d.NextArg() && d.Val() != "insecure_off" && d.Val() != "on" {
+ return nil, d.Errf("strict_sni_host only supports 'on' or 'insecure_off', got '%s'", d.Val())
+ }
+ boolVal := true
+ if d.Val() == "insecure_off" {
+ boolVal = false
}
- trueBool := true
- serverOpts.StrictSNIHost = &trueBool
+ serverOpts.StrictSNIHost = &boolVal
default:
return nil, d.Errf("unrecognized protocol option '%s'", d.Val())
diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt
index 90c02e5..c01173b 100644
--- a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt
+++ b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt
@@ -3,6 +3,9 @@
timeouts {
idle 90s
}
+ protocol {
+ strict_sni_host insecure_off
+ }
}
servers :80 {
timeouts {
@@ -13,6 +16,9 @@
timeouts {
idle 30s
}
+ protocol {
+ strict_sni_host
+ }
}
}
@@ -46,7 +52,8 @@ http://bar.com {
],
"terminal": true
}
- ]
+ ],
+ "strict_sni_host": true
},
"srv1": {
"listen": [
@@ -70,7 +77,8 @@ http://bar.com {
"listen": [
":8080"
],
- "idle_timeout": 90000000000
+ "idle_timeout": 90000000000,
+ "strict_sni_host": false
}
}
}