diff options
author | Francis Lavoie <[email protected]> | 2017-04-26 14:00:49 -0400 |
---|---|---|
committer | Matt Holt <[email protected]> | 2017-04-26 12:00:49 -0600 |
commit | 1bae36ef29aea6fd3b604ed1de5009ab0c074705 (patch) | |
tree | 7659b9e2dccf52b38c355bbad66f10412d91b609 | |
parent | 52fd4f89bf9ffbb536a494331ab8e0af507cc466 (diff) | |
download | caddy-1bae36ef29aea6fd3b604ed1de5009ab0c074705.tar.gz caddy-1bae36ef29aea6fd3b604ed1de5009ab0c074705.zip |
Fix 1592: Allow insecure CA URL on internal networks (#1607)
* Strip brackets in IsInternal if no port, allow loopback for CA URLs
* Fix a mistake
* Improve the trim
* Fix comment
-rw-r--r-- | caddy.go | 5 | ||||
-rw-r--r-- | caddy_test.go | 2 |
2 files changed, 6 insertions, 1 deletions
@@ -777,7 +777,10 @@ func IsInternal(addr string) bool { host, _, err := net.SplitHostPort(addr) if err != nil { - host = addr // happens if the addr is just a hostname + host = addr // happens if the addr is just a hostname, missing port + // if we encounter an error, the brackets need to be stripped + // because SplitHostPort didn't do it for us + host = strings.Trim(host, "[]") } ip := net.ParseIP(host) if ip == nil { diff --git a/caddy_test.go b/caddy_test.go index 2f86105b0..51765d77d 100644 --- a/caddy_test.go +++ b/caddy_test.go @@ -94,6 +94,8 @@ func TestIsInternal(t *testing.T) { {"fbff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", false}, {"fc00::", true}, {"fc00::1", true}, + {"[fc00::1]", true}, + {"[fc00::1]:8888", true}, {"fdff:ffff:ffff:ffff:ffff:ffff:ffff:fffe", true}, {"fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", true}, {"fe00::", false}, |