author | Matthew Holt <mholt@users.noreply.github.com> | 2019-09-13 11:46:58 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2019-09-13 11:46:58 -0600 |
commit | 839507e24e4d8d2d8052335fafb110513865efc0 (patch) | |
tree | fc9346b81193bc38af38b3a86cc3904be1873401 | |
parent | 833d67446f14e88c2888db2c3796568fd00bae7a (diff) |
http: Consider wildcards when evaluating automatic HTTPS
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 4 | ||||
-rw-r--r-- | modules/caddyhttp/caddyhttp.go | 4 | ||||
-rw-r--r-- | modules/caddytls/tls.go | 8 |
4 files changed, 9 insertions, 9 deletions
@@ -17,7 +17,7 @@ require (
 github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b
 github.com/klauspost/cpuid v1.2.1
 github.com/lucas-clemente/quic-go v0.7.1-0.20190908032346-fc962d18373a
- github.com/mholt/certmagic v0.7.0
+ github.com/mholt/certmagic v0.7.1
 github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936
 github.com/muhammadmuzzammil1998/jsonc v0.0.0-20190902132743-e4903c4dea48
 github.com/rs/cors v1.6.0
@@ -156,8 +156,8 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/certmagic v0.7.0 h1:F1rn76bjfSq5hNF19Jb8TbfCkgR/AAxfSMLUGy1FpX8= -github.com/mholt/certmagic v0.7.0/go.mod h1:hqHzDsY32TwZpj/KswVylheSISjquF/eOVOaJTYV15w= +github.com/mholt/certmagic v0.7.1 h1:nbSSVwvlDE3+vttD/RBikBIkxrlKVkIQOz449gCrG5Q= +github.com/mholt/certmagic v0.7.1/go.mod h1:hqHzDsY32TwZpj/KswVylheSISjquF/eOVOaJTYV15w= github.com/miekg/dns v1.1.15 h1:CSSIDtllwGLMoA6zjdKnaE6Tx6eVUxQ29LUgGetiDCI= github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index b6a8148..c044a9b 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -313,8 +313,8 @@ func (app *App) automaticHTTPS() error {
 // don't obtain another one for it, unless we are
 // supposed to ignore loaded certificates
 if !srv.AutoHTTPS.IgnoreLoadedCerts &&
- len(tlsApp.CertificatesWithSAN(d)) > 0 {
- log.Printf("[INFO][%s] Skipping automatic certificate management because a certificate with that SAN is already loaded", d)
+ len(tlsApp.AllMatchingCertificates(d)) > 0 {
+ log.Printf("[INFO][%s] Skipping automatic certificate management because one or more matching certificates are already loaded", d)
 continue
 }
 domainsForCerts = append(domainsForCerts, d)
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index bbcf61e..99d3a5f 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -200,10 +200,10 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy {
 return AutomationPolicy{Management: new(ACMEManagerMaker)}
 }

-// CertificatesWithSAN returns the list of all certificates
-// in the cache the match the given SAN value.
-func (t *TLS) CertificatesWithSAN(san string) []certmagic.Certificate {
- return t.certCache.CertificatesWithSAN(san)
+// CertificatesForSAN returns the list of all certificates in
+// the cache which could be used to satisfy the given SAN.
+func (t *TLS) AllMatchingCertificates(san string) []certmagic.Certificate {
+ return t.certCache.AllMatchingCertificates(san)
 }

 // CertificateLoader is a type that can load certificates. |
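Review bot: In modules/caddyhttp/caddyhttp.go, the skip condition `len(tlsApp.AllMatchingCertificates(d)) > 0` excludes `d` from automatic management whenever any loaded certificate matches, which with wildcard matching is a wider set than the exact-SAN check it replaces, and nothing visible in this hunk checks that the matching certificate is still within its validity period. If the certmagic cache does not filter expired entries (not shown on this page), a stale manually loaded wildcard would leave the name without a usable certificate and without automatic renewal. The log line also does not tell an operator what matched; assigning the result to a local before the `if` and logging it, e.g. `log.Printf("[INFO][%s] Skipping automatic certificate management because %d matching certificate(s) are already loaded", d, len(matches))`, would make the exclusion auditable. automaticHTTPS starts and ends outside the hunk.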
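Review bot: In modules/caddytls/tls.go, the new doc comment opens with `CertificatesForSAN`, but the method it documents is `AllMatchingCertificates`, so godoc and linters will report a mismatched name. The first line should read `// AllMatchingCertificates returns the list of all certificates in`. Because automaticHTTPS now relies on this method to decide whether to skip certificate management, the comment should also state that wildcard certificates count as matches, assuming that is what the certmagic cache method does (its body is not on this page). Renaming the exported method instead of adding the new one alongside it also breaks any external caller of `CertificatesWithSAN`.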