summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/reverseproxy/fastcgi
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2020-02-20 10:18:29 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2020-02-20 10:18:29 -0700
commit99f91c4c6f812ebfae505a8c29a750965af0cfcb (patch)
treea342ac7325e00fb30d1e7aa174fe1858ea56e17b /modules/caddyhttp/reverseproxy/fastcgi
parent0005e3acdc7f0bc89f7a8bb15a1e23295986a3b7 (diff)
httpcaddyfile: tls: Load repeated cert files only once, with one tag
See end of issue #3004. Loading the same certificate file multiple times with different tags will result in it being de-duplicated in the in- memory cache, because of course they all have the same bytes. This meant that any certs of the same filename loaded with different tags would be overwritten by the next certificate of the same filename, and any conn policies looking for the tags of the previous ones would never find them, causing connections to fail. So, now we remember cert filenames and their tags, instead of loading them multiple times and overwriting previous ones. A user crafting their own JSON might make this error too... maybe we won't see it happen. But if it does, one possibility is, when loading a duplicate cert, instead of discarding it completely, merge the tag list into the one that's already stored in the cache, then discard.
Diffstat (limited to 'modules/caddyhttp/reverseproxy/fastcgi')
0 files changed, 0 insertions, 0 deletions