author | Matthew Holt <mholt@users.noreply.github.com> | 2020-02-06 13:00:41 -0700 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-02-06 13:00:41 -0700 |
commit | 4a07a5d41e0f54d1a1ec998b9d956ccf2a880d90 (patch) | |
tree | 3578f3d22c6498afa83c9b7c400c8175b4dbe0c8 /go.mod | |
parent | b81ae38686fb9fb133a0308294b3dd898b769dac (diff) |
caddyfile: tls: Ensure there is always a catch-all conn policy (#3005)

If user provides their own certs or makes any hostname-specific TLS
connection policy, it means that no TLS connection would be served for
any other hostnames, even though you'd expect that TLS is enabled for
them, too. So now we append a catch-all conn policy if none exist, which
allows all ClientHellos to be matched and served.

We also fix the consolidation of automation policies, which previously
gobbled up automation policies without hosts in favor of automation
policies with hosts. Instead of a host-specific policy eating up an
identical catch-all policy, the catch-all policy eats up the identical
host-specific policy, ensuring that the policy is applied to all hosts
which need it.

See also:
https://caddy.community/t/v2-automatic-https-certificate-errors/6847/9?u=matt

Diffstat (limited to 'go.mod')
-rw-r--r-- | go.mod | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -17,7 +17,7 @@ require ( github.com/klauspost/cpuid v1.2.2 github.com/kylelemons/godebug v1.1.0 // indirect github.com/lucas-clemente/quic-go v0.14.1 - github.com/mholt/certmagic v0.9.2 + github.com/mholt/certmagic v0.9.3 github.com/miekg/dns v1.1.25 // indirect github.com/muhammadmuzzammil1998/jsonc v0.0.0-20190906142622-1265e9b150c6 github.com/naoina/go-stringutil v0.1.0 // indirect |
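
Review bot: The certmagic bump from v0.9.2 to v0.9.3 in the require block is not mentioned in the commit message, which describes only the Caddyfile TLS connection-policy and automation-policy changes. Please add a line stating what in v0.9.3 this change relies on, so the dependency update can be audited on its own, and confirm that go.sum is updated in the same commit (this view is limited to go.mod, so that is not visible here).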