-rw-r--r--caddyconfig/httpcaddyfile/httptype.go12
1 files changed, 9 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 130067d..f2d1568 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -446,12 +446,12 @@ func (st *ServerType) serversFromPairings(
}
} else {
cp.DefaultSNI = defaultSNI
- hasCatchAllTLSConnPolicy = true
}
// only append this policy if it actually changes something
if !cp.SettingsEmpty() {
srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+ hasCatchAllTLSConnPolicy = len(hosts) == 0
}
}
}
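Review bot: The plain assignment `hasCatchAllTLSConnPolicy = len(hosts) == 0` overwrites whatever an earlier pass stored. If this code runs once per server block or policy (the loop is outside the hunk, so this is inferred), a host-specific policy appended after a catch-all one resets the flag to false. Any later code in serversFromPairings that uses the flag to decide whether a catch-all TLS connection policy already exists would then act on a stale answer. Setting it only in the true case keeps it sticky: `if len(hosts) == 0 { hasCatchAllTLSConnPolicy = true }`. The enclosing function begins and ends outside this hunk.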
@@ -653,9 +653,15 @@ func detectConflictingSchemes(srv *caddyhttp.Server, serverBlocks []serverBlock,
return nil
}
-// consolidateConnPolicies removes empty TLS connection policies and combines
-// equivalent ones for a cleaner overall output.
+// consolidateConnPolicies sorts any catch-all policy to the end, removes empty TLS connection
+// policies, and combines equivalent ones for a cleaner overall output.
func consolidateConnPolicies(cps caddytls.ConnectionPolicies) (caddytls.ConnectionPolicies, error) {
+ // catch-all policies (those without any matcher) should be at the
+ // end, otherwise it nullifies any more specific policies
+ sort.SliceStable(cps, func(i, j int) bool {
+ return cps[j].MatchersRaw == nil && cps[i].MatchersRaw != nil
+ })
+
for i := 0; i < len(cps); i++ {
// compare it to the others
for j := 0; j < len(cps); j++ {
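Review bot: The comparator passed to `sort.SliceStable` treats only a nil `MatchersRaw` as catch-all, so a policy whose matcher set is non-nil but empty would stay ahead of more specific policies, even though it presumably matches every handshake. Per the added comment, an earlier catch-all nullifies the specific policies after it, so a misplaced one can shadow stricter per-host TLS settings. Assuming `MatchersRaw` is a map or slice, comparing lengths covers both cases: `return len(cps[j].MatchersRaw) == 0 && len(cps[i].MatchersRaw) > 0`. The doc comment could also say that the sort reorders the caller's slice in place. The rest of consolidateConnPolicies lies outside the hunk.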