authorMatthew Holt <mholt@users.noreply.github.com>2021-01-04 11:25:29 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2021-01-04 11:25:41 -0700
commit7846bc1e06b2de97906cd562d16db4b2aafbd74b (patch)
treeacc06ce4fb1e35e948ff2e6f86264c7076b73020
parent144b65cf993f7078cccee9e1e119d18537922b81 (diff)
httpcaddyfile: Adjust iterator when removing AP (fix #3953)
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go3
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_automation_policies_1.txt (renamed from caddytest/integration/caddyfile_adapt/tls_automation_policies.txt)0
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt96
3 files changed, 98 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 6a6e3ca..1fabc45 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -453,7 +453,7 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon
// ZeroSSL), the proper wrapper over acmeIssuer will be returned instead.
func disambiguateACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) certmagic.Issuer {
// as a special case, we integrate with ZeroSSL's ACME endpoint if it looks like an
- // implicit ZeroSSL configuration (this requires a wrapper type over ACMEIssuer
+ // implicit ZeroSSL configuration (this requires a wrapper type over ACMEIssuer
// because of the EAB generation; if EAB is provided, we can use plain ACMEIssuer)
if strings.Contains(acmeIssuer.CA, "acme.zerossl.com") && acmeIssuer.ExternalAccount == nil {
return &caddytls.ZeroSSLIssuer{ACMEIssuer: acmeIssuer}
@@ -518,6 +518,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
// '*.com', which might be different (yes we've seen this happen)
if automationPolicyShadows(i, aps) >= j {
aps = append(aps[:i], aps[i+1:]...)
+ i--
}
} else {
// avoid repeated subjects
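Review bot: The added `i--` leaves `i` at -1 when the removed policy was the first element of `aps`, and nothing visible in this branch ends the current pass over `j` afterwards. If the enclosing loop over `j` (outside this hunk) continues and indexes `aps[i]` again, that would be an index-out-of-range panic while adapting the Caddyfile; for other values of `i` it would keep comparing a different policy against a `j` whose position shifted by one after the removal, which risks leaving a host covered by the wrong TLS automation policy. Consider following the adjustment with a `break`, i.e. `i--` then `break`, so the outer loop restarts its comparisons for the element that slid into index `i`. consolidateAutomationPolicies begins and ends outside the hunk, so the loop structure should be confirmed against the full file.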
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_1.txt
index c3fd489..c3fd489 100644
--- a/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_1.txt
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt
new file mode 100644
index 0000000..db8e38b
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt
@@ -0,0 +1,96 @@
+# issue #3953
+
+{
+ cert_issuer zerossl api_key
+}
+
+example.com {
+ tls {
+ on_demand
+ }
+}
+
+http://example.net {
+}
+
+:1234 {
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":1234"
+ ]
+ },
+ "srv1": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv2": {
+ "listen": [
+ ":80"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.net"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "skip": [
+ "example.net"
+ ]
+ }
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "example.com"
+ ],
+ "issuers": [
+ {
+ "api_key": "api_key",
+ "module": "zerossl"
+ }
+ ],
+ "on_demand": true
+ },
+ {
+ "issuers": [
+ {
+ "api_key": "api_key",
+ "module": "zerossl"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+} \ No newline at end of file