summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorFrancis Lavoie <[email protected]>2017-04-26 14:00:49 -0400
committerMatt Holt <[email protected]>2017-04-26 12:00:49 -0600
commit1bae36ef29aea6fd3b604ed1de5009ab0c074705 (patch)
tree7659b9e2dccf52b38c355bbad66f10412d91b609
parent52fd4f89bf9ffbb536a494331ab8e0af507cc466 (diff)
downloadcaddy-1bae36ef29aea6fd3b604ed1de5009ab0c074705.tar.gz
caddy-1bae36ef29aea6fd3b604ed1de5009ab0c074705.zip
Fix 1592: Allow insecure CA URL on internal networks (#1607)
* Strip brackets in IsInternal if no port, allow loopback for CA URLs * Fix a mistake * Improve the trim * Fix comment
-rw-r--r--caddy.go5
-rw-r--r--caddy_test.go2
2 files changed, 6 insertions, 1 deletions
diff --git a/caddy.go b/caddy.go
index 3d8a6139b..7e07a5dc3 100644
--- a/caddy.go
+++ b/caddy.go
@@ -777,7 +777,10 @@ func IsInternal(addr string) bool {
host, _, err := net.SplitHostPort(addr)
if err != nil {
- host = addr // happens if the addr is just a hostname
+ host = addr // happens if the addr is just a hostname, missing port
+ // if we encounter an error, the brackets need to be stripped
+ // because SplitHostPort didn't do it for us
+ host = strings.Trim(host, "[]")
}
ip := net.ParseIP(host)
if ip == nil {
diff --git a/caddy_test.go b/caddy_test.go
index 2f86105b0..51765d77d 100644
--- a/caddy_test.go
+++ b/caddy_test.go
@@ -94,6 +94,8 @@ func TestIsInternal(t *testing.T) {
{"fbff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", false},
{"fc00::", true},
{"fc00::1", true},
+ {"[fc00::1]", true},
+ {"[fc00::1]:8888", true},
{"fdff:ffff:ffff:ffff:ffff:ffff:ffff:fffe", true},
{"fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", true},
{"fe00::", false},