From 7e719157d9b7002fc09de63344f7b4fdfa7e9f57 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Mon, 7 Dec 2020 14:22:47 -0700
Subject: httpcaddyfile: Decrement counter when removing conn policy (fix #3906)
---
 caddyconfig/httpcaddyfile/tlsapp.go | 2 +
 .../tls_conn_policy_consolidate.txt | 137 +++++++++++++++++++++
 2 files changed, 139 insertions(+)
 create mode 100644 caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index fe4c1b1..6a6e3ca 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -487,6 +487,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
 // remove or combine duplicate policies
 for i := 0; i < len(aps); i++ {
+ // compare only with next policies; we sorted by specificity so we must not delete earlier policies
 for j := i + 1; j < len(aps); j++ {
 // if they're exactly equal in every way, just keep one of them
 if reflect.DeepEqual(aps[i], aps[j]) {
@@ -526,6 +527,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
 }
 }
 aps = append(aps[:j], aps[j+1:]...)
+ j--
 }
 }
 }
diff --git a/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt b/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt
new file mode 100644
index 0000000..ba6827e
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt
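Review bot: The `j--` added after `aps = append(aps[:j], aps[j+1:]...)` in the second tlsapp.go hunk carries no comment, and a bare index decrement inside a three-clause `for` is the kind of line a later cleanup removes; I would write `j-- // aps[j] now holds the next policy, which has not been compared with aps[i] yet`. The first hunk ends on `if reflect.DeepEqual(aps[i], aps[j]) {`, whose body lies outside both hunks: if that branch also deletes aps[j] without stepping j back, the same skip would remain there, so it is worth checking. A skipped comparison leaves two automation policies unmerged that should have been consolidated, which is presumably how #3906 surfaced. Both loops start and end outside the hunks shown.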
@@ -0,0 +1,137 @@
+# https://github.com/caddyserver/caddy/issues/3906
+a.a {
+ tls internal
+ respond 403
+}
+
+http://b.b https://b.b:8443 {
+ tls internal
+ respond 404
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "a.a"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "static_response",
+ "status_code": 403
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ },
+ "srv1": {
+ "listen": [
+ ":80"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "b.b"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "static_response",
+ "status_code": 404
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ],
+ "automatic_https": {
+ "skip": [
+ "b.b"
+ ]
+ }
+ },
+ "srv2": {
+ "listen": [
+ ":8443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "b.b"
+ ]
+ }
+ ],
+ "handle": [
+ {
+ "handler": "subroute",
+ "routes": [
+ {
+ "handle": [
+ {
+ "handler": "static_response",
+ "status_code": 404
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "a.a",
+ "b.b"
+ ],
+ "issuers": [
+ {
+ "module": "internal"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
-- 
cgit v1.2.3