tls: Reorder some logic to avoid subtle, undocumented behavior
By calling SetTLSAddress, the acme package reset the challenge provider to the default one instead of keeping the custom one we specified before with SetChallengeProvider. Yikes. This means that Caddy would try to open a listener on port 443 even though we should have been handling it with our provider, causing the challenge to fail, since usually port 443 is in use. So this change just reorders the calls so that our provider takes precedence. cf. https://github.com/xenolf/lego/pull/292
This commit is contained in:
parent
c885edda24
commit
b766dab9fa
1 changed files with 9 additions and 6 deletions
|
@ -120,12 +120,10 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error)
|
|||
}
|
||||
}
|
||||
|
||||
// See if TLS challenge needs to be handled by our own facilities
|
||||
if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, TLSSNIChallengePort)) {
|
||||
c.acmeClient.SetChallengeProvider(acme.TLSSNI01, tlsSniSolver{})
|
||||
}
|
||||
|
||||
// Always respect user's bind preferences by using config.ListenHost
|
||||
// Always respect user's bind preferences by using config.ListenHost.
|
||||
// NOTE(Sep'16): At time of writing, SetHTTPAddress() and SetTLSaddress()
|
||||
// must be called before SetChallengeProvider(), since they reset the
|
||||
// challenge provider back to the default one!
|
||||
err := c.acmeClient.SetHTTPAddress(net.JoinHostPort(config.ListenHost, useHTTPPort))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -134,6 +132,11 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error)
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// See if TLS challenge needs to be handled by our own facilities
|
||||
if caddy.HasListenerWithAddress(net.JoinHostPort(config.ListenHost, TLSSNIChallengePort)) {
|
||||
c.acmeClient.SetChallengeProvider(acme.TLSSNI01, tlsSniSolver{})
|
||||
}
|
||||
} else {
|
||||
// Otherwise, DNS challenge it is
|
||||
|
||||
|
|
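Review bot: The new NOTE comment in the first hunk spells the method `SetTLSaddress()`, while the commit description and the call it refers to use `SetTLSAddress()`; a reader grepping for the name will not find this comment, so it should read `// NOTE(Sep'16): At time of writing, SetHTTPAddress() and SetTLSAddress()`. Since the call order is now load-bearing and nothing in the code enforces it — putting SetChallengeProvider first silently reverts to lego's default provider, which then tries to bind the TLS-SNI port itself — the comment should also carry the upstream reference from the description, e.g. `// (see https://github.com/xenolf/lego/pull/292)`, so a maintainer knows when the constraint can be dropped. The moved block in the second hunk depends on the same ordering; the enclosing function newACMEClient starts before the first hunk and ends after the second, and the SetTLSAddress call itself appears to lie between the two hunks and is not visible here.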