caddyhttp: Use internal issuer for IPs when no APs configured - caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

diff options

author	Matthew Holt <[email protected]>	2024-10-04 10:23:30 -0600
committer	Matthew Holt <[email protected]>	2024-10-04 10:23:30 -0600
commit	88fd5f3491ab888f69f0be02cea68a49164298eb (patch)
tree	a16d7f8fa979273a4a6fc386b10dba2e9c51f4a7 /caddy_test.go
parent	2ae58ac13e1757bccc935818879bc12a2320aea3 (diff)
download	caddy-88fd5f3491ab888f69f0be02cea68a49164298eb.tar.gz caddy-88fd5f3491ab888f69f0be02cea68a49164298eb.zip

caddyhttp: Use internal issuer for IPs when no APs configured

This fixes a regression in 2.8 where IP addresses would be considered qualifying for public certs by auto-HTTPS. The default issuers do not issue IP certs at this time, so if no APs are explicitly configured, we assign them to the internal issuer. We have to add a couple lines of code because CertMagic can no longer consider IPs as not qualifying for public certs, since there are public CAs that issue IP certs. This edge case is specific to Caddy's auto-HTTPS. Without this patch, Caddy will try using Let's Encrypt or ZeroSSL's ACME endpoint to get IP certs, neither of which support that.

Diffstat (limited to 'caddy_test.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: