author | Matthew Holt <[email protected]> | 2021-10-27 13:43:58 -0600 |
---|---|---|
committer | Matthew Holt <[email protected]> | 2021-10-27 13:43:58 -0600 |
commit | c0d1d451376a203a1aa18ef1e936197f6fda1ad7 (patch) | |
tree | 9ff80cb548fb5b9e1d0bfe9fa5c88d847a6f7b75 | |
parent | f73f55dba745a8a527202b87fdd3ff88fa9f40b1 (diff) | |
httpcaddyfile: Allow most IPs for public certspublic-ip-certs
See corresponding public-ip-certs branch of CertMagic,
which this requires.
At time of writing this feature is not ready to ship,
because no public CAs offer IP certs via ACME.
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 0fe1fc5f2..35b555bf4 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -617,8 +617,7 @@ func automationPolicyShadows(i int, aps []*caddytls.AutomationPolicy) int {
 // that this allows domains with multiple wildcard levels like '*.*.example.com' to qualify
 // if the automation policy has OnDemand enabled (i.e. this function is more lenient).
 func subjectQualifiesForPublicCert(ap *caddytls.AutomationPolicy, subj string) bool {
- return !certmagic.SubjectIsIP(subj) &&
- !certmagic.SubjectIsInternal(subj) &&
+ return !certmagic.SubjectIsInternal(subj) &&
 (strings.Count(subj, "*.") < 2 || ap.OnDemand)
 } |
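Review bot: With the `!certmagic.SubjectIsIP(subj)` term dropped from `subjectQualifiesForPublicCert`, the only thing keeping loopback, RFC 1918, link-local and IPv6 unique-local addresses away from a public issuer is `certmagic.SubjectIsInternal`, and nothing in this hunk shows that it classifies IP literals. The commit message says the change requires the public-ip-certs branch of CertMagic, so built against a CertMagic without that change a private IP would presumably qualify and be submitted to a public ACME CA instead of being handled by the internal issuer. The doc comment above the function (it starts outside the hunk) still describes only the wildcard leniency; I would add `// IP subjects qualify too; rejecting loopback and private addresses is left to certmagic.SubjectIsInternal.` and a table test over those address classes, so that a dependency mismatch fails in CI rather than at issuance time.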