From 2f59467ac3b8f31b0f2ad9af346bb52a045a3db2 Mon Sep 17 00:00:00 2001
From: Matt Holt
Date: Tue, 5 May 2020 12:37:52 -0600
Subject: httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319)

This can lead to nicer, smaller JSON output for Caddyfiles like this: a { tls internal } b { tls foo@bar.com } i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keeps implicit config implicit. Needs a little more testing to ensure it doesn't break anything important.
---
 caddyconfig/httpcaddyfile/httptype.go | 5 ++++-
 modules/caddytls/connpolicy.go | 13 +++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 775c062..aacaf91 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -416,7 +416,10 @@ func (st *ServerType) serversFromPairings(
 hasCatchAllTLSConnPolicy = true
 }
 
-srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+// only append this policy if it actually changes something
+if !cp.SettingsEmpty() {
+srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+}
 }
 }
 
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 30f7290..1de7c2e 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
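Review bot: The new `if !cp.SettingsEmpty()` guard drops the policy after `hasCatchAllTLSConnPolicy = true` has already been recorded for it on the hunk's first context line, so a policy with no matchers and no settings (the `tls internal` case from the commit message) now leaves the flag set while contributing nothing to `srv.TLSConnPolicies`. If the code that follows — outside this hunk — uses that flag to decide whether to add a default catch-all policy, or uses `len(srv.TLSConnPolicies)` to decide whether the server speaks TLS at all, a server block whose only TLS configuration is such a directive could end up with no connection policy; for a directive meant to turn TLS on, that is a plaintext-fallback risk that deserves an explicit test rather than the "needs more testing" caveat in the description. One way to keep the flag honest is to move the `hasCatchAllTLSConnPolicy = true` assignment inside the guard so it only reflects policies actually appended, or else to add a comment above the guard stating that automatic HTTPS is presumably what supplies the catch-all policy for hostnames that need it. serversFromPairings begins before and continues after this hunk.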
@@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 return nil
 }
 
+// SettingsEmpty returns true if p's settings (fields
+// except the matchers) are all empty/unset.
+func (p ConnectionPolicy) SettingsEmpty() bool {
+return p.CertSelection == nil &&
+p.CipherSuites == nil &&
+p.Curves == nil &&
+p.ALPN == nil &&
+p.ProtocolMin == "" &&
+p.ProtocolMax == "" &&
+p.ClientAuthentication == nil &&
+p.DefaultSNI == ""
+}
+
 // ClientAuthentication configures TLS client auth.
 type ClientAuthentication struct {
 // A list of base64 DER-encoded CA certificates
-- 
cgit v1.2.3
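Review bot: `SettingsEmpty` is a hand-maintained list of fields, so any settings field later added to `ConnectionPolicy` and not added here makes a policy that sets only that field look empty and get silently discarded by callers such as the new guard in httptype.go — a way for configured TLS hardening to vanish from the effective config with no error. I would add above the method: `// NOTE: every settings field of ConnectionPolicy must be checked here; a field missed here makes a policy that sets only it look empty and be discarded by callers.` The other method visible in the hunk header, `buildStandardTLSConfig`, uses a pointer receiver while this one takes `ConnectionPolicy` by value; a pointer receiver keeps the type's method set consistent and avoids copying the struct. The `== nil` comparisons on the slice fields treat an explicitly empty list as a setting, which is presumably intended but worth stating in the doc comment.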