author | Matt Holt <mholt@users.noreply.github.com> | 2022-08-15 12:01:58 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-15 12:01:58 -0600 |
commit | c79c08627d36e9871dedd3c7d8889d7d710134c2 (patch) | |
tree | 886449e2ce6a2cf39c60f58f2e4d420b5e3a8f1b /modules/caddytls | |
parent | e2a5e2293ab0b06e33445a1243f36cd5def1de42 (diff) |
caddyhttp: Enable HTTP/3 by default (#4707)
Diffstat (limited to 'modules/caddytls')
-rw-r--r-- | modules/caddytls/connpolicy.go | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 285e9f6..f7b9c46 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -112,7 +112,7 @@ func (cp ConnectionPolicies) TLSConfig(_ caddy.Context) *tls.Config {
 continue policyLoop
 }
 }
- return pol.stdTLSConfig, nil
+ return pol.TLSConfig, nil
 }
 return nil, fmt.Errorf("no server TLS configuration available for ClientHello: %+v", hello)
@@ -156,8 +156,15 @@ type ConnectionPolicy struct {
 // is no policy configured for the empty SNI value.
 DefaultSNI string `json:"default_sni,omitempty"`
- matchers []ConnectionMatcher
- stdTLSConfig *tls.Config
+ // TLSConfig is the fully-formed, standard lib TLS config
+ // used to serve TLS connections. Provision all
+ // ConnectionPolicies to populate this. It is exported only
+ // so it can be minimally adjusted after provisioning
+ // if necessary (like to adjust NextProtos to disable HTTP/2),
+ // and may be unexported in the future.
+ TLSConfig *tls.Config `json:"-"`
+
+ matchers []ConnectionMatcher
 }
 func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
@@ -275,7 +282,7 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 setDefaultTLSParams(cfg)
- p.stdTLSConfig = cfg
+ p.TLSConfig = cfg
 return nil
 } |
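Review bot: The exported `TLSConfig` field in the second hunk hands out a mutable `*tls.Config` with no stated rule for when it may be changed. The first hunk shows that same pointer being returned for a ClientHello (`return pol.TLSConfig, nil`), so a write after the listener starts would presumably race with in-flight handshakes; crypto/tls also documents that a Config must not be modified once it has been passed to a TLS function. The doc comment should state the contract, for example by appending `// It is nil until provisioned and must only be modified before the server begins accepting connections; do not loosen MinVersion, CipherSuites or client authentication settings through it.` Since the only stated use is adjusting NextProtos, a narrower setter for that one field would keep the remaining security parameters out of reach of other modules, if the callers allow it. The struct definition starts outside the hunk.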