diff options
author | Francis Lavoie <[email protected]> | 2022-03-01 20:02:39 -0500 |
---|---|---|
committer | GitHub <[email protected]> | 2022-03-01 20:02:39 -0500 |
commit | 5bd96a6ac22849cd9fbbaae5285f0161e272b8e4 (patch) | |
tree | 7bfc2dd916612382e5adc3d1a144ccc2e00cde43 | |
parent | ac14b64e08a6ea63067c62cf1bad9cd6ad823d60 (diff) | |
download | caddy-5bd96a6ac22849cd9fbbaae5285f0161e272b8e4.tar.gz caddy-5bd96a6ac22849cd9fbbaae5285f0161e272b8e4.zip |
httpcaddyfile: Support explicitly turning off `strict_sni_host` (#4592)
-rw-r--r-- | caddyconfig/httpcaddyfile/serveroptions.go | 11 | ||||
-rw-r--r-- | caddytest/integration/caddyfile_adapt/global_server_options_multi.txt | 12 |
2 files changed, 17 insertions, 6 deletions
diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 623f4d7c4..7a7525241 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -157,11 +157,14 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error serverOpts.ExperimentalHTTP3 = true case "strict_sni_host": - if d.NextArg() { - return nil, d.ArgErr() + if d.NextArg() && d.Val() != "insecure_off" && d.Val() != "on" { + return nil, d.Errf("strict_sni_host only supports 'on' or 'insecure_off', got '%s'", d.Val()) + } + boolVal := true + if d.Val() == "insecure_off" { + boolVal = false } - trueBool := true - serverOpts.StrictSNIHost = &trueBool + serverOpts.StrictSNIHost = &boolVal default: return nil, d.Errf("unrecognized protocol option '%s'", d.Val()) diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt index 90c02e5ed..c01173b4f 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt @@ -3,6 +3,9 @@ timeouts { idle 90s } + protocol { + strict_sni_host insecure_off + } } servers :80 { timeouts { @@ -13,6 +16,9 @@ timeouts { idle 30s } + protocol { + strict_sni_host + } } } @@ -46,7 +52,8 @@ http://bar.com { ], "terminal": true } - ] + ], + "strict_sni_host": true }, "srv1": { "listen": [ @@ -70,7 +77,8 @@ http://bar.com { "listen": [ ":8080" ], - "idle_timeout": 90000000000 + "idle_timeout": 90000000000, + "strict_sni_host": false } } } |