summaryrefslogtreecommitdiff
path: root/caddyconfig/httpcaddyfile
diff options
context:
space:
mode:
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r--caddyconfig/httpcaddyfile/httptype.go12
1 files changed, 9 insertions, 3 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 130067d..f2d1568 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -446,12 +446,12 @@ func (st *ServerType) serversFromPairings(
}
} else {
cp.DefaultSNI = defaultSNI
- hasCatchAllTLSConnPolicy = true
}
// only append this policy if it actually changes something
if !cp.SettingsEmpty() {
srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+ hasCatchAllTLSConnPolicy = len(hosts) == 0
}
}
}
@@ -653,9 +653,15 @@ func detectConflictingSchemes(srv *caddyhttp.Server, serverBlocks []serverBlock,
return nil
}
-// consolidateConnPolicies removes empty TLS connection policies and combines
-// equivalent ones for a cleaner overall output.
+// consolidateConnPolicies sorts any catch-all policy to the end, removes empty TLS connection
+// policies, and combines equivalent ones for a cleaner overall output.
func consolidateConnPolicies(cps caddytls.ConnectionPolicies) (caddytls.ConnectionPolicies, error) {
+ // catch-all policies (those without any matcher) should be at the
+ // end, otherwise it nullifies any more specific policies
+ sort.SliceStable(cps, func(i, j int) bool {
+ return cps[j].MatchersRaw == nil && cps[i].MatchersRaw != nil
+ })
+
for i := 0; i < len(cps); i++ {
// compare it to the others
for j := 0; j < len(cps); j++ {