summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2020-12-07 14:22:47 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2020-12-07 14:22:47 -0700
commit7e719157d9b7002fc09de63344f7b4fdfa7e9f57 (patch)
tree7a23f0b93af7cd7b04f100320bdbb67ca693a523
parent6e9ac248dd5c2f7a4cd4e37ff277a86c18085be6 (diff)
httpcaddyfile: Decrement counter when removing conn policy (fix #3906)
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go2
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt137
2 files changed, 139 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index fe4c1b1..6a6e3ca 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -487,6 +487,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
// remove or combine duplicate policies
for i := 0; i < len(aps); i++ {
+ // compare only with next policies; we sorted by specificity so we must not delete earlier policies
for j := i + 1; j < len(aps); j++ {
// if they're exactly equal in every way, just keep one of them
if reflect.DeepEqual(aps[i], aps[j]) {
@@ -526,6 +527,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
}
}
aps = append(aps[:j], aps[j+1:]...)
+ j--
}
}
}
diff --git a/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt b/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt
new file mode 100644
index 0000000..ba6827e
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt
@@ -0,0 +1,137 @@
+# https://github.com/caddyserver/caddy/issues/3906
+a.a {
+ tls internal
+ respond 403
+}
+
+http://b.b https://b.b:8443 {
+ tls internal
+ respond 404
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "a.a"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "static_response",
+ "status_code": 403
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv1": {
+ "listen": [
+ ":80"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "b.b"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "static_response",
+ "status_code": 404
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "skip": [
+ "b.b"
+ ]
+ }
+ },
+ "srv2": {
+ "listen": [
+ ":8443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "b.b"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "static_response",
+ "status_code": 404
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "a.a",
+ "b.b"
+ ],
+ "issuers": [
+ {
+ "module": "internal"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+} \ No newline at end of file