caddytls: Match automation policies by wildcard subjects too

https://caddy.community/t/wildcard-snis-not-being-matched/7271/24?u=matt

Also use new CertMagic function for matching wildcard names
This commit is contained in:
Matthew Holt 2020-03-26 14:01:38 -06:00
parent 5c55e5d53f
commit c87f82f0ce
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
4 changed files with 12 additions and 26 deletions


@ -16,9 +16,9 @@ package caddytls
import (
"crypto/tls"
"strings"
"github.com/caddyserver/caddy/v2"
"github.com/caddyserver/certmagic"
)
func init() {
@ -41,23 +41,9 @@ func (MatchServerName) CaddyModule() caddy.ModuleInfo {
// Match matches hello based on SNI.
func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool {
for _, name := range m {
if hello.ServerName == name {
if certmagic.MatchWildcard(hello.ServerName, name) {
return true
}
// check for wildcard match on this name, but only
// bother if there is even a wildcard character
if !strings.Contains(name, "*") {
continue
}
labels := strings.Split(hello.ServerName, ".")
for i := range labels {
labels[i] = "*"
candidate := strings.Join(labels, ".")
if candidate == name {
return true
}
}
}
return false
}
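Review bot: The doc comment on Match (`// Match matches hello based on SNI.`) should now state that wildcard subjects are honored, because hello.ServerName is attacker-controlled input and a reader of this matcher needs to know that a policy written as `*.example.com` will accept any client-presented name one label deeper; suggest `// Match matches hello based on SNI. Names in m may contain a wildcard label (e.g. "*.example.com"); matching is delegated to certmagic.MatchWildcard.` The new single call also takes over the plain exact-match case that the removed `hello.ServerName == name` handled, and the behavior for case differences: crypto/tls does not normalize ServerName, so unless MatchWildcard compares case-insensitively a client sending `EXAMPLE.COM` would not match a policy for `example.com` — worth confirming, or lowercasing `hello.ServerName` once before the loop. The `"strings"` import shown in the first hunk is no longer used by this function; whether it is removed by the commit or still needed elsewhere in the file is not visible here.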