serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-27 06:03:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

httpcaddyfile: Adjust iterator when removing AP (fix #3953)

Browse source
This commit is contained in:
Matthew Holt 2021-01-04 11:25:29 -07:00
parent 144b65cf99
commit 7846bc1e06
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
3 changed files with 98 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
caddyconfig/httpcaddyfile/tlsapp.go
View file

@ -453,7 +453,7 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon
// ZeroSSL), the proper wrapper over acmeIssuer will be returned instead. // ZeroSSL), the proper wrapper over acmeIssuer will be returned instead.
func disambiguateACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) certmagic.Issuer { func disambiguateACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) certmagic.Issuer {
// as a special case, we integrate with ZeroSSL's ACME endpoint if it looks like an // as a special case, we integrate with ZeroSSL's ACME endpoint if it looks like an
// implicit ZeroSSL configuration (this requires a wrapper type over ACMEIssuer // implicit ZeroSSL configuration (this requires a wrapper type over ACMEIssuer
// because of the EAB generation; if EAB is provided, we can use plain ACMEIssuer) // because of the EAB generation; if EAB is provided, we can use plain ACMEIssuer)
if strings.Contains(acmeIssuer.CA, "acme.zerossl.com") && acmeIssuer.ExternalAccount == nil { if strings.Contains(acmeIssuer.CA, "acme.zerossl.com") && acmeIssuer.ExternalAccount == nil {
return &caddytls.ZeroSSLIssuer{ACMEIssuer: acmeIssuer} return &caddytls.ZeroSSLIssuer{ACMEIssuer: acmeIssuer}
@ -518,6 +518,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
// '*.com', which might be different (yes we've seen this happen) // '*.com', which might be different (yes we've seen this happen)
if automationPolicyShadows(i, aps) >= j { if automationPolicyShadows(i, aps) >= j {
aps = append(aps[:i], aps[i+1:]...) aps = append(aps[:i], aps[i+1:]...)
i--
} }
} else { } else {
// avoid repeated subjects // avoid repeated subjects

0
caddytest/integration/caddyfile_adapt/tls_automation_policies.txt → caddytest/integration/caddyfile_adapt/tls_automation_policies_1.txt
View file

96
caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt Normal file
View file

@ -0,0 +1,96 @@
# issue #3953
{
cert_issuer zerossl api_key
}
example.com {
tls {
on_demand
}
}
http://example.net {
}
:1234 {
}
----------
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":1234"
]
},
"srv1": {
"listen": [
":443"
],
"routes": [
{
"match": [
{
"host": [
"example.com"
]
}
],
"terminal": true
}
]
},
"srv2": {
"listen": [
":80"
],
"routes": [
{
"match": [
{
"host": [
"example.net"
]
}
],
"terminal": true
}
],
"automatic_https": {
"skip": [
"example.net"
]
}
}
}
},
"tls": {
"automation": {
"policies": [
{
"subjects": [
"example.com"
],
"issuers": [
{
"api_key": "api_key",
"module": "zerossl"
}
],
"on_demand": true
},
{
"issuers": [
{
"api_key": "api_key",
"module": "zerossl"
}
]
}
]
}
}
}
}