path: root/modules/caddytls
author Matthew Holt <mholt@users.noreply.github.com> 2020-02-06 13:00:41 -0700
committer Matthew Holt <mholt@users.noreply.github.com> 2020-02-06 13:00:41 -0700
commit 4a07a5d41e0f54d1a1ec998b9d956ccf2a880d90
tree 3578f3d22c6498afa83c9b7c400c8175b4dbe0c8 /modules/caddytls
parent b81ae38686fb9fb133a0308294b3dd898b769dac

caddyfile: tls: Ensure there is always a catch-all conn policy (#3005)

If user provides their own certs or makes any hostname-specific TLS connection policy, it means that no TLS connection would be served for any other hostnames, even though you'd expect that TLS is enabled for them, too. So now we append a catch-all conn policy if none exist, which allows all ClientHellos to be matched and served.

We also fix the consolidation of automation policies, which previously gobbled up automation policies without hosts in favor of automation policies with hosts. Instead of a host-specific policy eating up an identical catch-all policy, the catch-all policy eats up the identical host-specific policy, ensuring that the policy is applied to all hosts which need it.

See also: https://caddy.community/t/v2-automatic-https-certificate-errors/6847/9?u=matt

Diffstat (limited to 'modules/caddytls')
0 files changed, 0 insertions, 0 deletions
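
The connection-policy behaviour described in the commit message, as an added example that is not code from this commit or from Caddy. It is a simplified model: `connPolicy`, `selectPolicy` and `ensureCatchAll` are hypothetical names, and first-match selection with an empty SNI list acting as the catch-all is an assumption of the model.

```go
package main

import "fmt"

// connPolicy is a hypothetical stand-in for a TLS connection policy; empty sni = catch-all.
type connPolicy struct {
	name string
	sni  []string
}

func (p connPolicy) matches(serverName string) bool {
	for _, h := range p.sni {
		if h == serverName {
			return true
		}
	}
	return len(p.sni) == 0
}

// selectPolicy returns the first matching policy; ok=false means no TLS is served.
func selectPolicy(policies []connPolicy, serverName string) (string, bool) {
	for _, p := range policies {
		if p.matches(serverName) {
			return p.name, true
		}
	}
	return "", false
}

// ensureCatchAll appends a catch-all only if none exists, after host-specific policies.
func ensureCatchAll(policies []connPolicy) []connPolicy {
	for _, p := range policies {
		if len(p.sni) == 0 {
			return policies
		}
	}
	return append(policies, connPolicy{name: "catch-all"})
}

func main() {
	// Constructed sample: one host configured with a user-supplied certificate.
	policies := []connPolicy{{name: "custom-cert", sni: []string{"a.example.com"}}}
	for _, host := range []string{"a.example.com", "b.example.com"} {
		_, before := selectPolicy(policies, host)
		name, after := selectPolicy(ensureCatchAll(policies), host)
		fmt.Printf("%s: matched before=%v, after=%v (%s)\n", host, before, after, name)
	}
}
```

Because the catch-all is appended last, the host-specific policy still wins for its own hostname while every other ClientHello now finds a match.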