From 96bb3659299ae5ef28ffb3f9a23e16417c570924 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 16 Apr 2021 11:17:15 -0600 Subject: httpcaddyfile: Take into account host scheme/port (fix #4113) --- caddyconfig/httpcaddyfile/tlsapp.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'caddyconfig') diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 85f9e5a..1e32be0 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -54,7 +54,7 @@ func (st ServerType) buildTLSApp( // a hostless key, so that they don't get forgotten/omitted // by auto-HTTPS (since they won't appear in route matchers) var serverBlocksWithTLSHostlessKey int - hostsSharedWithHostlessKey := make(map[string]struct{}) + httpsHostsSharedWithHostlessKey := make(map[string]struct{}) for _, pair := range pairings { for _, sb := range pair.serverBlocks { for _, addr := range sb.keys { @@ -70,8 +70,8 @@ func (st ServerType) buildTLSApp( if otherAddr.Original == addr.Original { continue } - if otherAddr.Host != "" { - hostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} + if otherAddr.Host != "" && otherAddr.Scheme != "http" && otherAddr.Port != httpPort { + httpsHostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} } } break @@ -289,7 +289,7 @@ func (st ServerType) buildTLSApp( internalAP := &caddytls.AutomationPolicy{ IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } - for h := range hostsSharedWithHostlessKey { + for h := range httpsHostsSharedWithHostlessKey { al = append(al, h) if !certmagic.SubjectQualifiesForPublicCert(h) { internalAP.Subjects = append(internalAP.Subjects, h) -- cgit v1.2.3