diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2021-06-09 14:34:59 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2021-06-09 14:35:09 -0600 |
commit | 05656a60b3b089ce1735a1ebb02539cca9f68fb4 (patch) | |
tree | 3fb0db25f2c0a21225c89dc85fc438792ac64978 /caddyconfig/httpcaddyfile/tlsapp.go | |
parent | 1e92258dd670dc62a55b100d1e68e7f482da14a1 (diff) |
httpcaddyfile: Don't add HTTP hosts to TLS APs (fix #4176 and fix #4198)
In the Caddyfile, hosts specified for HTTP sockets (either scheme is "http" or it is on the HTTP port) should not be used as subjects in TLS automation policies (APs).
Diffstat (limited to 'caddyconfig/httpcaddyfile/tlsapp.go')
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index b7a8f02..1bfddda 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -189,7 +189,7 @@ func (st ServerType) buildTLSApp( } // associate our new automation policy with this server block's hosts - ap.Subjects = sblockHosts + ap.Subjects = sblock.hostsFromKeysNotHTTP(httpPort) sort.Strings(ap.Subjects) // solely for deterministic test results // if a combination of public and internal names were given |