From c4472363579e26485fdfc01f4fd79b86d44acd86 Mon Sep 17 00:00:00 2001
From: Mark Sargent <99003+sarge@users.noreply.github.com>
Date: Sat, 14 Mar 2020 06:32:53 +1300
Subject: caddyhttp: Fix default SNI for default conn policy (#3141)

* add integration tests
* removed SNI test
* remove integration test condition
* minor edit
* fix sni when using static certificates
Co-authored-by: Matt Holt
---
 caddyconfig/httpcaddyfile/httptype.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'caddyconfig')
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index 96f2bb0..a8df28c 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -450,6 +450,8 @@ func (st *ServerType) serversFromPairings(
 ) (map[string]*caddyhttp.Server, error) {
 servers := make(map[string]*caddyhttp.Server)
 
+ defaultSNI := tryString(options["default_sni"], warnings)
+
 for i, p := range pairings {
 srv := &caddyhttp.Server{
 Listen: p.addresses,
@@ -499,7 +501,6 @@ func (st *ServerType) serversFromPairings(
 }
 
 // tls: connection policies and toggle auto HTTPS
- defaultSNI := tryString(options["default_sni"], warnings)
 if _, ok := sblock.pile["tls.off"]; ok {
 // TODO: right now, no directives yield any tls.off value...
 // tls off: disable TLS (and automatic HTTPS) for server block's names
@@ -614,7 +615,7 @@ func (st *ServerType) serversFromPairings(
 // important that it goes at the end) - see issue #3004:
 // https://github.com/caddyserver/caddy/issues/3004
 if len(srv.TLSConnPolicies) > 0 && !hasCatchAllTLSConnPolicy {
- srv.TLSConnPolicies = append(srv.TLSConnPolicies, new(caddytls.ConnectionPolicy))
+ srv.TLSConnPolicies = append(srv.TLSConnPolicies, &caddytls.ConnectionPolicy{DefaultSNI: defaultSNI})
 }
 
 srv.Routes = consolidateRoutes(srv.Routes)
-- 
cgit v1.2.3
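Review bot: The catch-all policy appended in the last hunk now carries `DefaultSNI`, but the comment above it still gives only the ordering reason from issue #3004, so nothing at that line says why the policy is no longer empty. I would add a line such as `// carry default_sni so handshakes without a ServerName can still select a certificate through this catch-all policy`. When `default_sni` is unset, `defaultSNI` is presumably the empty string and the literal should behave like the previous `new(caddytls.ConnectionPolicy)`; a test covering both the set and the unset option would pin that, and none is visible in this view, whose diffstat is limited to `caddyconfig`. It is also worth stating in the option's documentation that with `default_sni` set, a client that omits SNI (for example one connecting by IP address) is presented that site's certificate, which discloses the hostname. serversFromPairings starts and ends outside the hunk.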