From c87f82f0ce58ec714b3e13fbe69c322a0d612c67 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 26 Mar 2020 14:01:38 -0600
Subject: caddytls: Match automation policies by wildcard subjects too

https://caddy.community/t/wildcard-snis-not-being-matched/7271/24?u=matt

Also use new CertMagic function for matching wildcard names
---
 modules/caddytls/matchers.go | 18 ++----------------
 modules/caddytls/tls.go      |  2 +-
 2 files changed, 3 insertions(+), 17 deletions(-)

(limited to 'modules/caddytls')

diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go
index 1f5f9b6..50da609 100644
--- a/modules/caddytls/matchers.go
+++ b/modules/caddytls/matchers.go
@@ -16,9 +16,9 @@ package caddytls
 import (
 	"crypto/tls"
-	"strings"
 	"github.com/caddyserver/caddy/v2"
+	"github.com/caddyserver/certmagic"
 )
 func init() {
@@ -41,23 +41,9 @@ func (MatchServerName) CaddyModule() caddy.ModuleInfo {
 // Match matches hello based on SNI.
 func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool {
 	for _, name := range m {
-		if hello.ServerName == name {
+		if certmagic.MatchWildcard(hello.ServerName, name) {
 			return true
 		}
-
-		// check for wildcard match on this name, but only
-		bother if there is even a wildcard character
-		if !strings.Contains(name, "*") {
-			continue
-		}
-		labels := strings.Split(hello.ServerName, ".")
-		for i := range labels {
-			labels[i] = "*"
-			candidate := strings.Join(labels, ".")
-			if candidate == name {
-				return true
-			}
-		}
 	}
 	return false
 }
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 076e017..b2c6324 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -329,7 +329,7 @@ func (t *TLS) getAutomationPolicyForName(name string) *AutomationPolicy {
 		return ap // no host filter is an automatic match
 	}
 	for _, h := range ap.Subjects {
-		if h == name {
+		if certmagic.MatchWildcard(name, h) {
 			return ap
 		}
 	}
-- 
cgit v1.2.3
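Review bot: The doc comment on Match still reads only `// Match matches hello based on SNI.` although the method now accepts wildcard entries in m, so the new contract is undocumented; I would extend it to `// Match matches hello based on SNI. Entries in m may be wildcard names (for example *.example.com); matching is delegated to certmagic.MatchWildcard.` The matching rules now rest entirely on MatchWildcard — presumably it still treats exact equality as a match and keeps the comparison case-sensitive like the removed code, but the hunk does not show that, so it is worth confirming against the certmagic version pinned in go.mod. The removed code only attempted wildcard matching when the configured name contained `*`; hello.ServerName is client-supplied, so it is also worth checking that MatchWildcard does not interpret a `*` appearing in the SNI itself, otherwise a request could match more configured names than the operator intended.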
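Review bot: getAutomationPolicyForName returns the first policy whose subject matches, and with MatchWildcard a policy listing `*.example.com` now also claims `www.example.com`, so a wildcard policy that precedes a more specific one silently shadows it and can route a name to a different issuer or settings than the operator intended. The enclosing function and its policy loop start outside the hunk, so I cannot tell whether policies are ordered by specificity elsewhere; if they are not, either document that earlier policies win, e.g. `// first matching policy wins, so list more specific subjects before wildcard ones`, or prefer an exact subject match over a wildcard one. The hunk adds no import for certmagic in tls.go, so presumably the file already imports it.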