From 269b1e9aa34b2b02911f8746e7b6a162cd8222cf Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Thu, 20 Jun 2019 20:36:29 -0600
Subject: tls: Improve (and fix) on-demand configuration

---
 modules/caddytls/connpolicy.go | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'modules/caddytls/connpolicy.go')

diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 54cad7c..a278326 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -86,6 +86,7 @@ func (cp ConnectionPolicies) TLSConfig(ctx caddy.Context) (*tls.Config, error) {
 				}
 				return pol.stdTLSConfig, nil
 			}
+
 			return nil, fmt.Errorf("no server TLS configuration available for ClientHello: %+v", hello)
 		},
 	}, nil
@@ -148,6 +149,8 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 		tlsApp.SessionTickets.unregister(cfg)
 	})
 
+	// TODO: Clean up active locks if app (or process) is being closed!
+
 	// add all the cipher suites in order, without duplicates
 	cipherSuitesAdded := make(map[uint16]struct{})
 	for _, csName := range p.CipherSuites {
-- 
cgit v1.2.3