authorMatthew Holt <mholt@users.noreply.github.com>2021-06-09 14:34:59 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2021-06-09 14:35:09 -0600
commit05656a60b3b089ce1735a1ebb02539cca9f68fb4 (patch)
tree3fb0db25f2c0a21225c89dc85fc438792ac64978 /caddytest
parent1e92258dd670dc62a55b100d1e68e7f482da14a1 (diff)
httpcaddyfile: Don't add HTTP hosts to TLS APs (fix #4176 and fix #4198)
In the Caddyfile, hosts specified for HTTP sockets (either the scheme is "http" or the host is on the HTTP port) should not be used as subjects in TLS automation policies (APs).
Diffstat (limited to 'caddytest')
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt68
1 files changed, 68 insertions, 0 deletions
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt
new file mode 100644
index 0000000..4b17bf3
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt
@@ -0,0 +1,68 @@
+# (this Caddyfile is contrived, but based on issues #4176 and #4198)
+
+http://example.com {
+}
+
+https://example.com {
+ tls internal
+}
+
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv1": {
+ "listen": [
+ ":80"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "example.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "example.com"
+ ],
+ "issuers": [
+ {
+ "module": "internal"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
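Review bot: The fixture uses `example.com` for both the `http://` and the `https://` site, so the expected `subjects` list has to contain that name either way; it pins the shared-host case but cannot show that a host served only over HTTP is kept out of `tls.automation.policies`. A sibling fixture with a distinct HTTP-only site (for instance a constructed name such as `http://plain.example.com`) whose adapted JSON lists no subject for it would cover that side of the rule, unless a test outside `caddytest` already does. The header comment could also state the property under test, e.g. `# expect exactly one automation policy for example.com (internal issuer); the http:// site must add no TLS subjects`. The file is added without a trailing newline, which is worth fixing if the adapt-test harness does not depend on it.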