author | Matthew Holt <mholt@users.noreply.github.com> | 2021-06-09 14:34:59 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2021-06-09 14:35:09 -0600 |
commit | 05656a60b3b089ce1735a1ebb02539cca9f68fb4 (patch) | |
tree | 3fb0db25f2c0a21225c89dc85fc438792ac64978 /caddytest/integration | |
parent | 1e92258dd670dc62a55b100d1e68e7f482da14a1 (diff) |
httpcaddyfile: Don't add HTTP hosts to TLS APs (fix #4176 and fix #4198)
In the Caddyfile, hosts specified for HTTP sockets (either scheme is "http" or it is on the HTTP port) should not be used as subjects in TLS automation policies (APs).
Diffstat (limited to 'caddytest/integration')
-rw-r--r-- | caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt
new file mode 100644
index 0000000..4b17bf3
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt
@@ -0,0 +1,68 @@
+# (this Caddyfile is contrived, but based on issues #4176 and #4198)
+
+http://example.com {
+}
+
+https://example.com {
+ tls internal
+}
+
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv1": {
+ "listen": [
+ ":80"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "example.com"
+ ],
+ "issuers": [
+ {
+ "module": "internal"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file |
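Review bot: This fixture covers only the `http://` scheme form of an HTTP-only site, while the commit message also names hosts that are "on the HTTP port"; nothing here pins that second branch. A sibling adapt fixture whose first site is addressed by port (for example `example.com:80 {`) next to the same `https://example.com` block with `tls internal` would cover it, presumably expecting the same single policy. The opening comment could also state what is being asserted, e.g. `# expect exactly one automation policy (the https site's internal issuer); the http:// site must not contribute subjects`. That makes a regression easier to spot, since an HTTP-only host leaking into an automation policy could lead to certificate management the operator never configured.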