serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-27 06:03:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Only enforces SNI matching if ClientAuth is enabled (#3096)

Browse source
This commit is contained in:
Daniel Santos 2020-02-27 19:37:19 -07:00 committed by GitHub
parent 4fbdd23283
commit fa7322365a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
caddyhttp/httpserver/server.go
View file

@ -448,6 +448,7 @@ func (s *Server) serveHTTP(w http.ResponseWriter, r *http.Request) (int, error)
// sites that rely on TLS ClientAuth sharing a port with
// sites that do not - if mismatched, close the connection
if !vhost.TLS.InsecureDisableSNIMatching && r.TLS != nil &&
vhost.TLS.ClientAuth != tls.NoClientCert &&
strings.ToLower(r.TLS.ServerName) != strings.ToLower(hostname) {
r.Close = true
log.Printf("[ERROR] %s - strict host matching: SNI (%s) and HTTP Host (%s) values differ",