author | Matthew Holt <mholt@users.noreply.github.com> | 2020-04-24 18:58:28 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-04-24 20:57:51 -0600 |
commit | 97ed9e111d04718583c8e0cd141a464c993e224a (patch) | |
tree | e420fb049d4eb8f250f31b1546966da9d4a5e97c /modules/caddypki/maintain.go | |
parent | 100d19e3afe403c41fe678fef2671a129daddeda (diff) |
httpcaddyfile: Add nil check to prevent panic, fix validation logic

Panic would happen if an automation policy was specified in a singular
server block that had no hostnames in its address. Definitely an edge
case.

Fixed a bug related to checking for server blocks with a host-less key
that tried to make an automation policy. Previously if you had only two
server blocks like ":443" and another one at ":80", the one at ":443"
could not create a TLS automation policy because it thought it would
interfere with TLS automation for the block at ":80", but obviously that
key doesn't enable TLS because it is on the HTTP port. So now we are a
little smarter and count only non-HTTP-empty-hostname keys.

Also fixed a bug so that a key like "https://:1234" is sure to have TLS
enabled by giving it a TLS connection policy. (Relaxed conditions
slightly; the previous conditions were too strict, requiring there to be
a TLS conn policy already or a default SNI to be non-empty.)

Also clarified a comment thanks to feedback from @Mohammed90
Diffstat (limited to 'modules/caddypki/maintain.go')
0 files changed, 0 insertions, 0 deletions