Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-11-04 03:27:23 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

httpcaddyfile: Fix unexpectedly removed policy (#4128)

Browse Source 
* httpcaddyfile: Fix unexpectedly removed policy

When user set on_demand tls option in a catch-all (:443) policy,
we expect other policies to not have the on_demand enabled
See ex in tls_automation_policies_5.txt

Btw, we can remove policies if they are **all** empty.

* Update caddyconfig/httpcaddyfile/tlsapp.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
This commit is contained in:
Alban Lecocq 2021-04-29 18:56:01 +02:00 committed by GitHub
parent 9017557169
commit ff6ca577ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 69 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
caddyconfig/httpcaddyfile/tlsapp.go
View File

@ -480,15 +480,19 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
return len(aps[i].Subjects) > len(aps[j].Subjects) return len(aps[i].Subjects) > len(aps[j].Subjects)
}) })
// remove any empty policies (except subjects, of course) emptyAPCount := 0
// compute the number of empty policies (disregarding subjects) - see #4128
emptyAP := new(caddytls.AutomationPolicy) emptyAP := new(caddytls.AutomationPolicy)
for i := 0; i < len(aps); i++ { for i := 0; i < len(aps); i++ {
emptyAP.Subjects = aps[i].Subjects emptyAP.Subjects = aps[i].Subjects
if reflect.DeepEqual(aps[i], emptyAP) { if reflect.DeepEqual(aps[i], emptyAP) {
aps = append(aps[:i], aps[i+1:]...) emptyAPCount++
i--
} }
} }
// If all policies are empty, we can return nil, as there is no need to set any policy
if emptyAPCount == len(aps) {
return nil
}
// remove or combine duplicate policies // remove or combine duplicate policies
outer: outer:

62
caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt Normal file
View File

@ -0,0 +1,62 @@
a.example.com {
}
b.example.com {
}
:443 {
tls {
on_demand
}
}
----------
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":443"
],
"routes": [
{
"match": [
{
"host": [
"a.example.com"
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"b.example.com"
]
}
],
"terminal": true
}
]
}
}
},
"tls": {
"automation": {
"policies": [
{
"subjects": [
"a.example.com",
"b.example.com"
]
},
{
"on_demand": true
}
]
}
}
}
}