-rw-r--r--caddyconfig/httpcaddyfile/httptype.go5
-rw-r--r--modules/caddytls/connpolicy.go13
2 files changed, 17 insertions, 1 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 775c062..aacaf91 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -416,7 +416,10 @@ func (st *ServerType) serversFromPairings(
hasCatchAllTLSConnPolicy = true
}
- srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+ // only append this policy if it actually changes something
+ if !cp.SettingsEmpty() {
+ srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+ }
}
}
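Review bot: The context line `hasCatchAllTLSConnPolicy = true` runs before the new `if !cp.SettingsEmpty()` guard, so the flag can be set for a policy that is then never appended. If code later in serversFromPairings (outside this hunk) uses that flag to decide whether a fallback catch-all policy is still needed, a server could be left with only matcher-bound policies, and handshakes matching none of them would be rejected. Setting the flag only when the policy is kept, for example by moving the assignment inside the new `if` block, would avoid that. Separately, a dropped policy that has matchers but no settings no longer shadows later policies, so its hosts may pick up another policy's TLS settings; if that is intended, a comment such as `// an empty policy is dropped even if it has matchers; its hosts fall through to later policies` would make it explicit.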
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 30f7290..1de7c2e 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
return nil
}
+// SettingsEmpty returns true if p's settings (fields
+// except the matchers) are all empty/unset.
+func (p ConnectionPolicy) SettingsEmpty() bool {
+ return p.CertSelection == nil &&
+ p.CipherSuites == nil &&
+ p.Curves == nil &&
+ p.ALPN == nil &&
+ p.ProtocolMin == "" &&
+ p.ProtocolMax == "" &&
+ p.ClientAuthentication == nil &&
+ p.DefaultSNI == ""
+}
+
// ClientAuthentication configures TLS client auth.
type ClientAuthentication struct {
// A list of base64 DER-encoded CA certificates
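Review bot: SettingsEmpty enumerates the fields by hand, so a settings field added to ConnectionPolicy later but not added here makes a policy that sets only that field count as empty, and the caller in httptype.go will drop it, silently disabling that TLS setting. A comment on the method or the struct would make the coupling visible, e.g. `// NOTE: update SettingsEmpty whenever a settings field is added to ConnectionPolicy.` The `== nil` checks on CipherSuites, Curves and ALPN treat an empty non-nil value as a setting; if these are slices, `len(p.CipherSuites) == 0 &&` (and likewise for the other two) would be more robust. The value receiver also differs from the pointer receiver of buildStandardTLSConfig just above and copies the struct on each call; `func (p *ConnectionPolicy) SettingsEmpty() bool` would be consistent.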