authorMatthew Holt <[email protected]>2021-10-27 13:43:58 -0600
committerMatthew Holt <[email protected]>2021-10-27 13:43:58 -0600
commitc0d1d451376a203a1aa18ef1e936197f6fda1ad7 (patch)
tree9ff80cb548fb5b9e1d0bfe9fa5c88d847a6f7b75
parentf73f55dba745a8a527202b87fdd3ff88fa9f40b1 (diff)
downloadcaddy-c0d1d451376a203a1aa18ef1e936197f6fda1ad7.tar.gz
caddy-c0d1d451376a203a1aa18ef1e936197f6fda1ad7.zip
httpcaddyfile: Allow most IPs for public certspublic-ip-certs
See corresponding public-ip-certs branch of CertMagic, which this requires. At time of writing this feature is not ready to ship, because no public CAs offer IP certs via ACME.
-rw-r--r--caddyconfig/httpcaddyfile/tlsapp.go3
1 files changed, 1 insertions, 2 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 0fe1fc5f2..35b555bf4 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -617,8 +617,7 @@ func automationPolicyShadows(i int, aps []*caddytls.AutomationPolicy) int {
// that this allows domains with multiple wildcard levels like '*.*.example.com' to qualify
// if the automation policy has OnDemand enabled (i.e. this function is more lenient).
func subjectQualifiesForPublicCert(ap *caddytls.AutomationPolicy, subj string) bool {
- return !certmagic.SubjectIsIP(subj) &&
- !certmagic.SubjectIsInternal(subj) &&
+ return !certmagic.SubjectIsInternal(subj) &&
(strings.Count(subj, "*.") < 2 || ap.OnDemand)
}
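Review bot: With the `!certmagic.SubjectIsIP(subj)` guard removed, `subjectQualifiesForPublicCert` relies entirely on `certmagic.SubjectIsInternal` to keep loopback, private-range and link-local addresses away from public issuers. The commit message says this requires the public-ip-certs branch of CertMagic, and no dependency bump is visible in this diff. If the linked CertMagic does not classify such addresses as internal, an IP subject may be routed to a public ACME CA instead of the internal issuer, which would disclose the internal address to the CA and fail issuance. The doc comment above the function starts outside the hunk and should state the new contract, for example `// IP subjects qualify only when certmagic.SubjectIsInternal reports them as non-internal.` A table test covering a loopback, a private-range and a public IP would pin that behaviour.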