author | Alban Lecocq <alban@lempire.co> | 2021-04-29 18:56:01 +0200 |
committer | GitHub <noreply@github.com> | 2021-04-29 10:56:01 -0600 |
commit | ff6ca577ec7196e2cf3991c817d3655754de4b24 (patch) | |
tree | 8699774d9adcea7dd3c5d3c4dcbb7a171de57e4a | |
parent | 90175571698d7cb0e4184d257a425f0bd11c713d (diff) |
httpcaddyfile: Fix unexpectedly removed policy (#4128)
* httpcaddyfile: Fix unexpectedly removed policy
When a user sets the on_demand TLS option in a catch-all (:443) policy, we expect the other policies to not have on_demand enabled.
See the example in tls_automation_policies_5.txt.
Incidentally, we can only drop the empty policies if they are **all** empty.
* Update caddyconfig/httpcaddyfile/tlsapp.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 10 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt | 62 |
2 files changed, 69 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 1e32be0..72f99be 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -480,15 +480,19 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
 		return len(aps[i].Subjects) > len(aps[j].Subjects)
 	})
 
-	// remove any empty policies (except subjects, of course)
+	emptyAPCount := 0
+	// compute the number of empty policies (disregarding subjects) - see #4128
 	emptyAP := new(caddytls.AutomationPolicy)
 	for i := 0; i < len(aps); i++ {
 		emptyAP.Subjects = aps[i].Subjects
 		if reflect.DeepEqual(aps[i], emptyAP) {
-			aps = append(aps[:i], aps[i+1:]...)
-			i--
+			emptyAPCount++
 		}
 	}
+	// If all policies are empty, we can return nil, as there is no need to set any policy
+	if emptyAPCount == len(aps) {
+		return nil
+	}
 
 	// remove or combine duplicate policies
 outer:
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt
new file mode 100644
index 0000000..87d278d
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt
@@ -0,0 +1,62 @@
+a.example.com {
+}
+
+b.example.com {
+}
+
+:443 {
+	tls {
+		on_demand
+	}
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"a.example.com"
+									]
+								}
+							],
+							"terminal": true
+						},
+						{
+							"match": [
+								{
+									"host": [
+										"b.example.com"
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"automation": {
+				"policies": [
+					{
+						"subjects": [
+							"a.example.com",
+							"b.example.com"
+						]
+					},
+					{
+						"on_demand": true
+					}
+				]
+			}
+		}
+	}
+}
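Review bot: The comment on the new counting loop cites the issue number but not the invariant the change protects, so a later "cleanup" could easily reintroduce the removal of empty policies and the bug with it: a policy that is empty apart from its subjects must now be retained so that those hosts keep default automation settings instead of falling through to a broader catch-all policy that may carry on_demand, which is what the commit message and the new tls_automation_policies_5 fixture describe. I would replace the `// compute the number of empty policies ...` line with `// count policies that are empty apart from their subjects; they are deliberately kept (not removed) so their hosts do not fall through to a broader catch-all policy that may enable on_demand - see #4128`. The early `return nil` when every policy is empty also covers `len(aps) == 0`, which seems fine, though any caller that distinguishes a nil result from an empty slice would need checking and none is visible here. consolidateAutomationPolicies begins before this hunk and continues past it.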
\ No newline at end of file |