From c87f82f0ce58ec714b3e13fbe69c322a0d612c67 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Thu, 26 Mar 2020 14:01:38 -0600
Subject: caddytls: Match automation policies by wildcard subjects too

https://caddy.community/t/wildcard-snis-not-being-matched/7271/24?u=matt

Also use new CertMagic function for matching wildcard names
---
 modules/caddytls/matchers.go | 18 ++----------------
 modules/caddytls/tls.go      |  2 +-
 2 files changed, 3 insertions(+), 17 deletions(-)


diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go
index 1f5f9b6..50da609 100644
--- a/modules/caddytls/matchers.go
+++ b/modules/caddytls/matchers.go
@@ -16,9 +16,9 @@ package caddytls
 
 import (
 	"crypto/tls"
-	"strings"
 
 	"github.com/caddyserver/caddy/v2"
+	"github.com/caddyserver/certmagic"
 )
 
 func init() {
@@ -41,23 +41,9 @@ func (MatchServerName) CaddyModule() caddy.ModuleInfo {
 // Match matches hello based on SNI.
 func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool {
 	for _, name := range m {
-		if hello.ServerName == name {
+		if certmagic.MatchWildcard(hello.ServerName, name) {
 			return true
 		}
-
-		// check for wildcard match on this name, but only
-		// bother if there is even a wildcard character
-		if !strings.Contains(name, "*") {
-			continue
-		}
-		labels := strings.Split(hello.ServerName, ".")
-		for i := range labels {
-			labels[i] = "*"
-			candidate := strings.Join(labels, ".")
-			if candidate == name {
-				return true
-			}
-		}
 	}
 	return false
 }
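Review bot: The doc comment at the top of the hunk, `// Match matches hello based on SNI.`, no longer describes what the method does once the comparison is delegated to certmagic.MatchWildcard: a configured name may now carry wildcard labels and still match the client's SNI, and the argument order of that call (subject first, pattern second) is the one detail a reader needs, since hello.ServerName arrives from the peer and is never expected to contain a wildcard itself. Suggest replacing the comment with `// Match matches hello based on SNI. A configured name may contain wildcard labels (e.g. *.example.com); matching is delegated to certmagic.MatchWildcard(subject, pattern), where the SNI is the subject.` Case handling of hostnames is now decided inside CertMagic rather than in this file, so if the comparison there is exact, the comment could also say that names are compared as received.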
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 076e017..b2c6324 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -329,7 +329,7 @@ func (t *TLS) getAutomationPolicyForName(name string) *AutomationPolicy {
 			return ap // no host filter is an automatic match
 		}
 		for _, h := range ap.Subjects {
-			if h == name {
+			if certmagic.MatchWildcard(name, h) {
 				return ap
 			}
 		}
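Review bot: With wildcard subjects now matching, the first-match `return ap` in this loop gives precedence to whichever policy appears earlier, so a policy whose Subjects contain `*.example.com` that is listed before a policy for the exact name `www.example.com` now shadows the more specific one, whereas before this change only identical subjects could collide. getAutomationPolicyForName begins and ends outside the hunk, so the outer loop and the order it walks policies in are not visible here; if it iterates them in configuration order, the function's doc comment should state that policies are tried in order and that exact-subject policies belong before wildcard ones, e.g. `// Policies are tried in order; list exact-subject policies before wildcard ones, since *.example.com also matches www.example.com.` This is worth documenting because the issuer, on-demand and storage settings of a broad wildcard policy would otherwise silently govern names an operator believed were covered by a stricter policy.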