Fix default sni #3141

sarge · 2020-03-13T01:08:08Z

When requesting without SNI, the default connection policy needs to know to use the fallback certificate.

// arrange
caddytest.InitServer(t, ` 
  {
    http_port     9080
    https_port    9443
    default_sni   *.caddy.localhost
  }
  
  127.0.0.1:9443 {
    tls /caddy.localhost.crt /caddy.localhost.key {
    }
    respond /version 200 {
      body "hello from a.caddy.localhost"
    }	
  }
  `, "caddyfile")

	// act and assert
	caddytest.AssertGetResponse(t, "https://127.0.0.1:9443/version", 200, "hello from a.caddy.localhost")

mholt · 2020-03-13T16:33:44Z

Going to try to re-jigger the CI to attach, but I doubt it'll work...

Edit: Nope, ha...

mholt

In lieu of missing CI attachments, I cloned this locally and ran the tests, and it LGTM!

Thanks @sarge !

sarge added 5 commits March 13, 2020 13:50

add integration tests

0306053

removed SNI test

e5b3785

remove integration test condition

8b8eeff

minor edit

75fa21f

fix sni when using static certificates

7a74b4f

mholt closed this Mar 13, 2020

mholt reopened this Mar 13, 2020

mholt approved these changes Mar 13, 2020

View reviewed changes

Merge branch 'v2' into fix_default_sni

cee5c56

mholt added the v2 label Mar 13, 2020

mholt added this to the v2.0.0-beta.16 milestone Mar 13, 2020

mholt merged commit c447236 into caddyserver:v2 Mar 13, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix default sni #3141

Fix default sni #3141

sarge commented Mar 13, 2020 •

edited

mholt commented Mar 13, 2020 •

edited

mholt left a comment

Fix default sni #3141

Fix default sni #3141

Conversation

sarge commented Mar 13, 2020 • edited

mholt commented Mar 13, 2020 • edited

mholt left a comment

Choose a reason for hiding this comment

sarge commented Mar 13, 2020 •

edited

mholt commented Mar 13, 2020 •

edited