From 05656a60b3b089ce1735a1ebb02539cca9f68fb4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 9 Jun 2021 14:34:59 -0600 Subject: httpcaddyfile: Don't add HTTP hosts to TLS APs (fix #4176 and fix #4198) In the Caddyfile, hosts specified for HTTP sockets (either scheme is "http" or it is on the HTTP port) should not be used as subjects in TLS automation policies (APs). --- .../caddyfile_adapt/tls_automation_policies_7.txt | 68 ++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt (limited to 'caddytest/integration/caddyfile_adapt') diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt new file mode 100644 index 0000000..4b17bf3 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt @@ -0,0 +1,68 @@ +# (this Caddyfile is contrived, but based on issues #4176 and #4198) + +http://example.com { +} + +https://example.com { + tls internal +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "example.com" + ], + "issuers": [ + { + "module": "internal" + } + ] + } + ] + } + } + } +} \ No newline at end of file -- cgit v1.2.3