summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorMatt Holt <mholt@users.noreply.github.com>2020-05-05 12:37:52 -0600
committerGitHub <noreply@github.com>2020-05-05 12:37:52 -0600
commit2f59467ac3b8f31b0f2ad9af346bb52a045a3db2 (patch)
tree5dc15fea6849d2b9138656ddb3b7b614dcfc8ec1 /modules
parent184e8e9f713bf39e82f4677452998bb003de6e6d (diff)
httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319)
This can lead to nicer, smaller JSON output for Caddyfiles like this: a { tls internal } b { tls foo@bar.com } i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keeps implicit config implicit. Needs a little more testing to ensure it doesn't break anything important.
Diffstat (limited to 'modules')
-rw-r--r--modules/caddytls/connpolicy.go13
1 files changed, 13 insertions, 0 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 30f7290..1de7c2e 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
return nil
}
+// SettingsEmpty returns true if p's settings (fields
+// except the matchers) are all empty/unset.
+func (p ConnectionPolicy) SettingsEmpty() bool {
+ return p.CertSelection == nil &&
+ p.CipherSuites == nil &&
+ p.Curves == nil &&
+ p.ALPN == nil &&
+ p.ProtocolMin == "" &&
+ p.ProtocolMax == "" &&
+ p.ClientAuthentication == nil &&
+ p.DefaultSNI == ""
+}
+
// ClientAuthentication configures TLS client auth.
type ClientAuthentication struct {
// A list of base64 DER-encoded CA certificates