From b377208ededa964893dedd5660734e9616f998f7 Mon Sep 17 00:00:00 2001
From: Matt Holt <mholt@users.noreply.github.com>
Date: Wed, 23 Aug 2023 20:47:54 -0600
Subject: chore: Appease gosec linter (#5777)

These happen to be harmless memory aliasing
but I guess the linter can't know that and we
can't really prove it in general.
---
 modules/caddyhttp/reverseproxy/httptransport.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/caddyhttp')

diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index bcce67b..9290f7e 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -529,7 +529,8 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) {
 			certs := caddytls.AllMatchingCertificates(t.ClientCertificateAutomate)
 			var err error
 			for _, cert := range certs {
-				err = cri.SupportsCertificate(&cert.Certificate)
+				certCertificate := cert.Certificate // avoid taking address of iteration variable (gosec warning)
+				err = cri.SupportsCertificate(&certCertificate)
 				if err == nil {
 					return &cert.Certificate, nil
 				}
-- 
cgit v1.2.3