author: Matthew Holt <mholt@users.noreply.github.com> 2021-06-09 14:34:59 -0600
committer: Matthew Holt <mholt@users.noreply.github.com> 2021-06-09 14:35:09 -0600
commit: 05656a60b3b089ce1735a1ebb02539cca9f68fb4
tree: 3fb0db25f2c0a21225c89dc85fc438792ac64978 /caddyconfig/httpcaddyfile/tlsapp.go
parent: 1e92258dd670dc62a55b100d1e68e7f482da14a1
httpcaddyfile: Don't add HTTP hosts to TLS APs (fix #4176 and fix #4198)
In the Caddyfile, hosts specified for HTTP sockets (either scheme is "http" or it is on the HTTP port) should not be used as subjects in TLS automation policies (APs).
Diffstat (limited to 'caddyconfig/httpcaddyfile/tlsapp.go')
-rw-r--r-- caddyconfig/httpcaddyfile/tlsapp.go 2
1 files changed, 1 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index b7a8f02..1bfddda 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -189,7 +189,7 @@ func (st ServerType) buildTLSApp(
}
// associate our new automation policy with this server block's hosts
- ap.Subjects = sblockHosts
+ ap.Subjects = sblock.hostsFromKeysNotHTTP(httpPort)
sort.Strings(ap.Subjects) // solely for deterministic test results
// if a combination of public and internal names were given
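Review bot: the comment directly above the changed assignment still reads "associate our new automation policy with this server block's hosts", which no longer matches the code now that hosts served over HTTP are filtered out; please reword it to say that only non-HTTP hosts become subjects, and why. Separately, if every key in the server block is an HTTP host, sblock.hostsFromKeysNotHTTP(httpPort) presumably returns an empty list, and nothing in the visible context checks for empty ap.Subjects before the sort and the public/internal handling that follows. It is worth confirming that a policy with no subjects is skipped rather than emitted for an HTTP-only block, and adding a Caddyfile adapt test for that case alongside the ones covering #4176 and #4198.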