path: root/modules/caddypki/crypto.go
author Matthew Holt <mholt@users.noreply.github.com> 2020-04-24 18:58:28 -0600
committer Matthew Holt <mholt@users.noreply.github.com> 2020-04-24 20:57:51 -0600
commit 97ed9e111d04718583c8e0cd141a464c993e224a
tree e420fb049d4eb8f250f31b1546966da9d4a5e97c /modules/caddypki/crypto.go
parent 100d19e3afe403c41fe678fef2671a129daddeda
httpcaddyfile: Add nil check to prevent panic, fix validation logic
Panic would happen if an automation policy was specified in a singular server block that had no hostnames in its address. Definitely an edge case.

Fixed a bug related to checking for server blocks with a host-less key that tried to make an automation policy. Previously if you had only two server blocks like ":443" and another one at ":80", the one at ":443" could not create a TLS automation policy because it thought it would interfere with TLS automation for the block at ":80", but obviously that key doesn't enable TLS because it is on the HTTP port. So now we are a little smarter and count only non-HTTP-empty-hostname keys.

Also fixed a bug so that a key like "https://:1234" is sure to have TLS enabled by giving it a TLS connection policy. (Relaxed conditions slightly; the previous conditions were too strict, requiring there to be a TLS conn policy already or a default SNI to be non-empty.)

Also clarified a comment thanks to feedback from @Mohammed90
Diffstat (limited to 'modules/caddypki/crypto.go')
0 files changed, 0 insertions, 0 deletions