caddytls: set SNI server name in context #6324
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
willnorris
force-pushed
the
will/tscert
branch
2 times, most recently
from
53fe5be
to
2059b4a
Compare
mholt
requested changes
May 18, 2024
modules/caddytls/certmanagers.go
Outdated
| @@ -22,6 +22,9 @@ func init() { | |||
| caddy.RegisterModule(HTTPCertGetter{}) | |||
| } | |||
|
|
|||
| // For referencing the requested SNI server name. | |||
| var SNIServerNameCtxKey caddy.CtxKey = "sni_server_name" | |||
There was a problem hiding this comment.
Suggested change
| var SNIServerNameCtxKey caddy.CtxKey = "sni_server_name" | |
| const ClientHelloSNICtxKey caddy.CtxKey = "client_hello_sni" |
This is potentially bikeshedding but hear me out
There was a problem hiding this comment.
I agree; SNIServerName is basically "server name indication server name" 😅 https://en.m.wikipedia.org/wiki/Server_Name_Indication
There was a problem hiding this comment.
lol, I didn't even think about what the expanded name would be. Indeed, that sounds pretty silly :) Updated name coming up.
Set the requested server name in a context value for CertGetter implementations to use. Pass ctx to tscert.GetCertificateWithContext. Signed-off-by: Will Norris <will@tailscale.com>
francislavoie
approved these changes
May 18, 2024
willnorris
added a commit
to willnorris/caddy
that referenced
this pull request
May 19, 2024
This reverts commit e66040a. The additional context value is unnecessary because certmagic already sets certmagic.ClientHelloInfoCtxKey on the same context.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Set the requested server name in a context value for certmagic.Manager implementations to use. Pass ctx to tscert.GetCertificateWithContext.
This relies on tailscale/tscert#9 to be merged first, which adds the new tscert.GetCertificateWithContext method. This will enable tailscale/caddy-tailscale#53, which enables the use of auto_https with tsnet servers running inside of caddy.
This PR only attaches the server name inside the Tailscale certmagic.Manager. I tried to find the right place to attach it for all managers, but couldn't seem to find it. I'd love some pointers for where to put this.
/cc @mholt