Optionally enforce strict TLS SNI + HTTP Host matching, & misc. cleanup

We should look into a way to enable this by default when TLS client auth
is configured for a server.
Matthew Holt
2019-06-26 16:03:29 -06:00
parent a524bcfe78
commit 2b22d2e6ea
4 changed files with 49 additions and 14 deletions


@@ -88,15 +88,16 @@ func (t *TLS) Provision(ctx caddy.Context) error {
// Start activates the TLS module.
func (t *TLS) Start() error {
magic := certmagic.New(t.certCache, certmagic.Config{
Storage: t.ctx.Storage(),
})
// load manual/static (unmanaged) certificates
for _, loader := range t.certificateLoaders {
certs, err := loader.LoadCertificates()
if err != nil {
return fmt.Errorf("loading certificates: %v", err)
}
magic := certmagic.New(t.certCache, certmagic.Config{
Storage: t.ctx.Storage(),
})
for _, cert := range certs {
err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)
if err != nil {