Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-03-04 00:03:41 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

caddyhttp: Evaluate tls.client placeholders more accurately (fix #7530) (#7534)
Some checks failed
Tests / test (./cmd/caddy/caddy, ~1.26.0, ubuntu-latest, 0, 1.26, linux) (push) Failing after 2m13s
Details
Tests / test (s390x on IBM Z) (push) Has been skipped
Details
Tests / goreleaser-check (push) Has been skipped
Details
Cross-Build / build (~1.26.0, 1.26, aix) (push) Successful in 1m33s
Details
Cross-Build / build (~1.26.0, 1.26, darwin) (push) Successful in 1m40s
Details
Cross-Build / build (~1.26.0, 1.26, dragonfly) (push) Successful in 1m33s
Details
Cross-Build / build (~1.26.0, 1.26, freebsd) (push) Successful in 1m38s
Details
Cross-Build / build (~1.26.0, 1.26, illumos) (push) Successful in 1m43s
Details
Cross-Build / build (~1.26.0, 1.26, linux) (push) Successful in 1m48s
Details
Cross-Build / build (~1.26.0, 1.26, netbsd) (push) Successful in 1m51s
Details
Cross-Build / build (~1.26.0, 1.26, openbsd) (push) Successful in 1m37s
Details
Cross-Build / build (~1.26.0, 1.26, solaris) (push) Successful in 1m35s
Details
Cross-Build / build (~1.26.0, 1.26, windows) (push) Successful in 1m35s
Details
Lint / lint (ubuntu-latest, linux) (push) Successful in 2m29s
Details
Lint / govulncheck (push) Successful in 1m24s
Details
Lint / dependency-review (push) Failing after 25s
Details
OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 34s
Details
Tests / test (./cmd/caddy/caddy, ~1.26.0, macos-14, 0, 1.26, mac) (push) Has been cancelled
Details
Tests / test (./cmd/caddy/caddy.exe, ~1.26.0, windows-latest, True, 1.26, windows) (push) Has been cancelled
Details
Lint / lint (macos-14, mac) (push) Has been cancelled
Details
Lint / lint (windows-latest, windows) (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Matt Holt 2026-02-28 22:03:18 -07:00 committed by GitHub
parent cd9e1660aa
commit 174fa2ddb9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/caddyhttp/replacer.go
View File

@ -420,7 +420,16 @@ func getReqTLSReplacement(req *http.Request, key string) (any, bool) {
if strings.HasPrefix(field, "client.") {
cert := getTLSPeerCert(req.TLS)
if cert == nil {
return nil, false
// Instead of returning (nil, false) here, we set it to a dummy
// value to fix #7530. This way, even if there is no client cert,
// evaluating placeholders with ReplaceKnown() will still remove
// the placeholder, which would be expected. It is not expected
// for the placeholder to sometimes get removed based on whether
// the client presented a cert. We also do not return true here
// because we probably should remain accurate about whether a
// placeholder is, in fact, known or not.
// (This allocation may be slightly inefficient.)
cert = new(x509.Certificate)
}
// subject alternate names (SANs)