httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319)
This can lead to nicer, smaller JSON output for Caddyfiles like this: a { tls internal } b { tls foo@bar.com } i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keep implicit config implicit. Needs a little more testing to ensure it doesn't break anything important.
parent
184e8e9f71
commit
2f59467ac3
2 changed files with 17 additions and 1 deletions
|
@ -416,9 +416,12 @@ func (st *ServerType) serversFromPairings(
|
||||||
hasCatchAllTLSConnPolicy = true
|
hasCatchAllTLSConnPolicy = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// only append this policy if it actually changes something
|
||||||
|
if !cp.SettingsEmpty() {
|
||||||
srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
|
srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for _, addr := range sblock.keys {
|
for _, addr := range sblock.keys {
|
||||||
// exclude any hosts that were defined explicitly with "http://"
|
// exclude any hosts that were defined explicitly with "http://"
|
||||||
|
|
|
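Review bot: The new `if !cp.SettingsEmpty()` guard in serversFromPairings discards the whole policy, matchers included, because SettingsEmpty by its own doc comment ignores the matchers. If `cp` carries a host matcher at this point (not visible in this hunk), connections for those hosts no longer get a policy of their own and fall through to whichever other policy matches, which may require client authentication or pin different protocol versions, or to no policy at all. The commit message already says this needs more testing; an adapter test that mixes a bare `tls internal` site with a site that sets protocol versions or client authentication would pin the intended outcome. At minimum I would extend the comment to `// only append this policy if it actually changes something; its matchers are dropped with it, so these hosts rely on another matching policy or the default`. The enclosing function begins and ends outside the hunk.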
@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SettingsEmpty returns true if p's settings (fields
|
||||||
|
// except the matchers) are all empty/unset.
|
||||||
|
func (p ConnectionPolicy) SettingsEmpty() bool {
|
||||||
|
return p.CertSelection == nil &&
|
||||||
|
p.CipherSuites == nil &&
|
||||||
|
p.Curves == nil &&
|
||||||
|
p.ALPN == nil &&
|
||||||
|
p.ProtocolMin == "" &&
|
||||||
|
p.ProtocolMax == "" &&
|
||||||
|
p.ClientAuthentication == nil &&
|
||||||
|
p.DefaultSNI == ""
|
||||||
|
}
|
||||||
|
|
||||||
// ClientAuthentication configures TLS client auth.
|
// ClientAuthentication configures TLS client auth.
|
||||||
type ClientAuthentication struct {
|
type ClientAuthentication struct {
|
||||||
// A list of base64 DER-encoded CA certificates
|
// A list of base64 DER-encoded CA certificates
|
||||||
|
|
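Review bot: SettingsEmpty hard-codes the list of settings fields, so a field added to ConnectionPolicy later but not added here makes a policy that sets only that field look empty, and the Caddyfile adapter then drops it without any error. That is a silent loss of configured TLS settings, so I would add `// NOTE: keep in sync with ConnectionPolicy's fields; a field missing here causes policies that set only it to be discarded` above the method, or a reflection-based unit test that fails when a new field is not covered. Separately, if CipherSuites, Curves and ALPN are slices, `len(p.CipherSuites) == 0` would also treat an explicitly empty list as unset, which `== nil` does not. The value receiver also differs from the pointer receiver of buildStandardTLSConfig shown in the hunk header.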