authorMatthew Holt <mholt@users.noreply.github.com>2020-03-26 14:01:38 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2020-03-26 14:01:38 -0600
commitc87f82f0ce58ec714b3e13fbe69c322a0d612c67 (patch)
treeeac26618f7cbaa90f510585ebfe593151adf6d70 /modules/caddytls/matchers.go
parent5c55e5d53fcd5f60921dc477a4eb2127fe20c577 (diff)
caddytls: Match automation policies by wildcard subjects too
https://caddy.community/t/wildcard-snis-not-being-matched/7271/24?u=matt Also use new CertMagic function for matching wildcard names
Diffstat (limited to 'modules/caddytls/matchers.go')
-rw-r--r--modules/caddytls/matchers.go18
1 files changed, 2 insertions, 16 deletions
diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go
index 1f5f9b6..50da609 100644
--- a/modules/caddytls/matchers.go
+++ b/modules/caddytls/matchers.go
@@ -16,9 +16,9 @@ package caddytls
import (
"crypto/tls"
- "strings"
"github.com/caddyserver/caddy/v2"
+ "github.com/caddyserver/certmagic"
)
func init() {
@@ -41,23 +41,9 @@ func (MatchServerName) CaddyModule() caddy.ModuleInfo {
// Match matches hello based on SNI.
func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool {
for _, name := range m {
- if hello.ServerName == name {
+ if certmagic.MatchWildcard(hello.ServerName, name) {
return true
}
-
- // check for wildcard match on this name, but only
- // bother if there is even a wildcard character
- if !strings.Contains(name, "*") {
- continue
- }
- labels := strings.Split(hello.ServerName, ".")
- for i := range labels {
- labels[i] = "*"
- candidate := strings.Join(labels, ".")
- if candidate == name {
- return true
- }
- }
}
return false
}
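Review bot: The doc comment on `Match` still reads "matches hello based on SNI", but the comparison rules now live entirely in `certmagic.MatchWildcard`, so this file no longer shows how the client-supplied server name is compared against the configured names. I would expand it to something like `// Match reports whether the SNI in hello equals, or is covered by a wildcard in, any configured name; matching is delegated to certmagic.MatchWildcard.` Since this matcher picks a connection policy from a client-controlled field, a small table test in this package (exact name, `*.example.com` against one- and two-label-deep names, empty `ServerName`, mixed case) would pin the expected outcomes and catch a semantic change in the dependency. The removed code compared with `==`; whether the helper is case-sensitive is not visible here, so it is worth confirming that `hello.ServerName` and the configured names are normalised the same way before the call.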