authorMatt Holt <mholt@users.noreply.github.com>2022-08-15 12:01:58 -0600
committerGitHub <noreply@github.com>2022-08-15 12:01:58 -0600
commitc79c08627d36e9871dedd3c7d8889d7d710134c2 (patch)
tree886449e2ce6a2cf39c60f58f2e4d420b5e3a8f1b /modules/caddytls
parente2a5e2293ab0b06e33445a1243f36cd5def1de42 (diff)
caddyhttp: Enable HTTP/3 by default (#4707)
Diffstat (limited to 'modules/caddytls')
-rw-r--r--modules/caddytls/connpolicy.go15
1 files changed, 11 insertions, 4 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 285e9f6..f7b9c46 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -112,7 +112,7 @@ func (cp ConnectionPolicies) TLSConfig(_ caddy.Context) *tls.Config {
continue policyLoop
}
}
- return pol.stdTLSConfig, nil
+ return pol.TLSConfig, nil
}
return nil, fmt.Errorf("no server TLS configuration available for ClientHello: %+v", hello)
@@ -156,8 +156,15 @@ type ConnectionPolicy struct {
// is no policy configured for the empty SNI value.
DefaultSNI string `json:"default_sni,omitempty"`
- matchers []ConnectionMatcher
- stdTLSConfig *tls.Config
+ // TLSConfig is the fully-formed, standard lib TLS config
+ // used to serve TLS connections. Provision all
+ // ConnectionPolicies to populate this. It is exported only
+ // so it can be minimally adjusted after provisioning
+ // if necessary (like to adjust NextProtos to disable HTTP/2),
+ // and may be unexported in the future.
+ TLSConfig *tls.Config `json:"-"`
+
+ matchers []ConnectionMatcher
}
func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
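Review bot: The doc comment on the newly exported `TLSConfig` field invites adjustment after provisioning but does not say when that is safe or what is off limits. The first hunk returns this same pointer (`return pol.TLSConfig, nil`) for a matching ClientHello, so a write made once the server is accepting connections would presumably race with in-flight handshakes. Nothing in the type stops a caller from changing the minimum version, cipher suites or client-auth settings rather than just NextProtos. I would extend the comment with something like `// Mutate only before the server starts accepting connections; this exact pointer is handed to each handshake that matches the policy.` and `// Nil until the policy has been provisioned; changing anything other than NextProtos alters the policy's security settings.` The ConnectionPolicy struct begins above this hunk, so other fields that might already document this are not visible here.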
@@ -275,7 +282,7 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
setDefaultTLSParams(cfg)
- p.stdTLSConfig = cfg
+ p.TLSConfig = cfg
return nil
}