httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319)

This can lead to nicer, smaller JSON output for Caddyfiles like this: a { tls internal } b { tls foo@bar.com } i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keeps implicit config implicit. Needs a little more testing to ensure it doesn't break anything important.
2025-01-13 22:36:27 +03:00 · 2020-05-05 12:37:52 -06:00 · 2020-05-05 12:37:52 -06:00 · 2f59467ac3
commit 2f59467ac3
parent 184e8e9f71
2 changed files with 17 additions and 1 deletions
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@ -416,7 +416,10 @@ func (st *ServerType) serversFromPairings(
 						hasCatchAllTLSConnPolicy = true
 					}

-					srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+					// only append this policy if it actually changes something
+					if !cp.SettingsEmpty() {
+						srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+					}
 				}
 			}

--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 	return nil
 }

+// SettingsEmpty returns true if p's settings (fields
+// except the matchers) are all empty/unset.
+func (p ConnectionPolicy) SettingsEmpty() bool {
+	return p.CertSelection == nil &&
+		p.CipherSuites == nil &&
+		p.Curves == nil &&
+		p.ALPN == nil &&
+		p.ProtocolMin == "" &&
+		p.ProtocolMax == "" &&
+		p.ClientAuthentication == nil &&
+		p.DefaultSNI == ""
+}
+
 // ClientAuthentication configures TLS client auth.
 type ClientAuthentication struct {
 	// A list of base64 DER-encoded CA certificates