From 7984e6f6fd235b033adb933b2030b9ba9bc66eeb Mon Sep 17 00:00:00 2001
From: Francis Lavoie
Date: Sat, 14 Oct 2023 16:23:50 -0400
Subject: [PATCH] httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
---
 caddyconfig/httpcaddyfile/tlsapp.go | 1 +
 .../tls_automation_policies_11.txt | 67 +++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_11.txt
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 927f225df3a..cb947a6e412 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -582,6 +582,7 @@ outer:
 // eaten up by the one with subjects; and if both have subjects, we
 // need to combine their lists
 if reflect.DeepEqual(aps[i].IssuersRaw, aps[j].IssuersRaw) &&
+ reflect.DeepEqual(aps[i].ManagersRaw, aps[j].ManagersRaw) &&
 bytes.Equal(aps[i].StorageRaw, aps[j].StorageRaw) &&
 aps[i].MustStaple == aps[j].MustStaple &&
 aps[i].KeyType == aps[j].KeyType &&
diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_11.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_11.txt
new file mode 100644
index 00000000000..9cdfd120033
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_11.txt
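Review bot: The policy-equality condition in this `if` is a hand-maintained list of fields, and the `ManagersRaw` omission repaired here shows the failure mode: a field left out lets two distinct policies merge, so one site silently inherits or loses another site's certificate source. A comment above the condition would guard against the next omission, e.g. `// every AutomationPolicy field that affects how a certificate is obtained must be compared here; a missing field lets distinct policies merge`. If `ManagersRaw` is a slice, `reflect.DeepEqual` also treats nil and empty-but-non-nil as different, which only errs toward keeping policies separate and is therefore the safe direction. The condition continues past the end of the hunk, so the remaining compared fields are not visible here.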
@@ -0,0 +1,67 @@
+# example from https://caddy.community/t/21415
+a.com {
+ tls {
+ get_certificate http http://foo.com/get
+ }
+}
+
+b.com {
+}
+----------
+{
+ "apps": {
+ "http": {
+ "servers": {
+ "srv0": {
+ "listen": [
+ ":443"
+ ],
+ "routes": [
+ {
+ "match": [
+ {
+ "host": [
+ "a.com"
+ ]
+ }
+ ],
+ "terminal": true
+ },
+ {
+ "match": [
+ {
+ "host": [
+ "b.com"
+ ]
+ }
+ ],
+ "terminal": true
+ }
+ ]
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [
+ "a.com"
+ ],
+ "get_certificate": [
+ {
+ "url": "http://foo.com/get",
+ "via": "http"
+ }
+ ]
+ },
+ {
+ "subjects": [
+ "b.com"
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
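Review bot: The fixture pins only the asymmetric case, one site with `get_certificate` and one without, so nothing here checks that two sites whose `get_certificate` blocks differ only in URL also stay in separate policies. A sibling adapt fixture with two `get_certificate http` entries pointing at different URLs would pin the content comparison rather than just presence versus absence. Separately, the example URL is plain `http://`; as far as this file shows it is only adapted to JSON and never fetched, but a short `#` comment in the Caddyfile part noting that the value is a placeholder would keep the example from being copied into a deployment where certificate material would then travel unencrypted.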