From 839507e24e4d8d2d8052335fafb110513865efc0 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 13 Sep 2019 11:46:58 -0600 Subject: http: Consider wildcards when evaluating automatic HTTPS --- go.mod | 2 +- go.sum | 4 ++-- modules/caddyhttp/caddyhttp.go | 4 ++-- modules/caddytls/tls.go | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 1c208c5..85e37bb 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b github.com/klauspost/cpuid v1.2.1 github.com/lucas-clemente/quic-go v0.7.1-0.20190908032346-fc962d18373a - github.com/mholt/certmagic v0.7.0 + github.com/mholt/certmagic v0.7.1 github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936 github.com/muhammadmuzzammil1998/jsonc v0.0.0-20190902132743-e4903c4dea48 github.com/rs/cors v1.6.0 diff --git a/go.sum b/go.sum index a2ed97e..0ff7da9 100644 --- a/go.sum +++ b/go.sum @@ -156,8 +156,8 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/certmagic v0.7.0 h1:F1rn76bjfSq5hNF19Jb8TbfCkgR/AAxfSMLUGy1FpX8= -github.com/mholt/certmagic v0.7.0/go.mod h1:hqHzDsY32TwZpj/KswVylheSISjquF/eOVOaJTYV15w= +github.com/mholt/certmagic v0.7.1 h1:nbSSVwvlDE3+vttD/RBikBIkxrlKVkIQOz449gCrG5Q= +github.com/mholt/certmagic v0.7.1/go.mod h1:hqHzDsY32TwZpj/KswVylheSISjquF/eOVOaJTYV15w= github.com/miekg/dns v1.1.15 h1:CSSIDtllwGLMoA6zjdKnaE6Tx6eVUxQ29LUgGetiDCI= github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index b6a8148..c044a9b 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -313,8 +313,8 @@ func (app *App) automaticHTTPS() error { // don't obtain another one for it, unless we are // supposed to ignore loaded certificates if !srv.AutoHTTPS.IgnoreLoadedCerts && - len(tlsApp.CertificatesWithSAN(d)) > 0 { - log.Printf("[INFO][%s] Skipping automatic certificate management because a certificate with that SAN is already loaded", d) + len(tlsApp.AllMatchingCertificates(d)) > 0 { + log.Printf("[INFO][%s] Skipping automatic certificate management because one or more matching certificates are already loaded", d) continue } domainsForCerts = append(domainsForCerts, d) diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index bbcf61e..99d3a5f 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -200,10 +200,10 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy { return AutomationPolicy{Management: new(ACMEManagerMaker)} } -// CertificatesWithSAN returns the list of all certificates -// in the cache the match the given SAN value. -func (t *TLS) CertificatesWithSAN(san string) []certmagic.Certificate { - return t.certCache.CertificatesWithSAN(san) +// CertificatesForSAN returns the list of all certificates in +// the cache which could be used to satisfy the given SAN. +func (t *TLS) AllMatchingCertificates(san string) []certmagic.Certificate { + return t.certCache.AllMatchingCertificates(san) } // CertificateLoader is a type that can load certificates. -- cgit v1.2.3