From 2b22d2e6ea7ffd17ae769bd8a2adae60e5a7d0bf Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 26 Jun 2019 16:03:29 -0600 Subject: Optionally enforce strict TLS SNI + HTTP Host matching, & misc. cleanup We should look into a way to enable this by default when TLS client auth is configured for a server --- modules/caddyhttp/routes.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/caddyhttp/routes.go') diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index 8033b91..00bb8ba 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -162,11 +162,11 @@ func (routes RouteList) BuildCompositeRoute(rw http.ResponseWriter, req *http.Re } // wrapMiddleware wraps m such that it can be correctly -// appended to a list of middleware. This is necessary -// so that only the last middleware in a loop does not -// become the only middleware of the stack, repeatedly -// executed (i.e. it is necessary to keep a reference -// to this m outside of the scope of a loop)! +// appended to a list of middleware. This separate closure +// is necessary so that only the last middleware in a loop +// does not become the only middleware of the stack, +// repeatedly executed (i.e. it is necessary to keep a +// reference to this m outside of the scope of a loop)! func wrapMiddleware(m MiddlewareHandler) Middleware { return func(next HandlerFunc) HandlerFunc { return func(w http.ResponseWriter, r *http.Request) error { -- cgit v1.2.3