summaryrefslogtreecommitdiff
path: root/caddyconfig
diff options
context:
space:
mode:
authorAlban Lecocq <alban@lempire.co>2021-04-29 18:56:01 +0200
committerGitHub <noreply@github.com>2021-04-29 10:56:01 -0600
commitff6ca577ec7196e2cf3991c817d3655754de4b24 (patch)
tree8699774d9adcea7dd3c5d3c4dcbb7a171de57e4a /caddyconfig
parent90175571698d7cb0e4184d257a425f0bd11c713d (diff)
httpcaddyfile: Fix unexpectedly removed policy (#4128)
* httpcaddyfile: Fix unexpectedly removed policy When user set on_demand tls option in a catch-all (:443) policy, we expect other policies to not have the on_demand enabled See ex in tls_automation_policies_5.txt Btw, we can remove policies if they are **all** empty. * Update caddyconfig/httpcaddyfile/tlsapp.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'caddyconfig')
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go10
1 files changed, 7 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 1e32be0..72f99be 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -480,15 +480,19 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
return len(aps[i].Subjects) > len(aps[j].Subjects)
})
- // remove any empty policies (except subjects, of course)
+ emptyAPCount := 0
+ // compute the number of empty policies (disregarding subjects) - see #4128
emptyAP := new(caddytls.AutomationPolicy)
for i := 0; i < len(aps); i++ {
emptyAP.Subjects = aps[i].Subjects
if reflect.DeepEqual(aps[i], emptyAP) {
- aps = append(aps[:i], aps[i+1:]...)
- i--
+ emptyAPCount++
}
}
+ // If all policies are empty, we can return nil, as there is no need to set any policy
+ if emptyAPCount == len(aps) {
+ return nil
+ }
// remove or combine duplicate policies
outer: