author | Matthew Holt <[email protected]> | 2021-10-27 13:43:58 -0600 |
---|---|---|
committer | Matthew Holt <[email protected]> | 2021-10-27 13:43:58 -0600 |
commit | c0d1d451376a203a1aa18ef1e936197f6fda1ad7 (patch) | |
tree | 9ff80cb548fb5b9e1d0bfe9fa5c88d847a6f7b75 /caddyconfig | |
parent | f73f55dba745a8a527202b87fdd3ff88fa9f40b1 (diff) | |
httpcaddyfile: Allow most IPs for public certspublic-ip-certs
See corresponding public-ip-certs branch of CertMagic,
which this requires.
At time of writing this feature is not ready to ship,
because no public CAs offer IP certs via ACME.
Diffstat (limited to 'caddyconfig')
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 0fe1fc5f2..35b555bf4 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -617,8 +617,7 @@ func automationPolicyShadows(i int, aps []*caddytls.AutomationPolicy) int {
 // that this allows domains with multiple wildcard levels like '*.*.example.com' to qualify
 // if the automation policy has OnDemand enabled (i.e. this function is more lenient).
 func subjectQualifiesForPublicCert(ap *caddytls.AutomationPolicy, subj string) bool {
- return !certmagic.SubjectIsIP(subj) &&
- !certmagic.SubjectIsInternal(subj) &&
+ return !certmagic.SubjectIsInternal(subj) &&
 (strings.Count(subj, "*.") < 2 || ap.OnDemand)
 }
|
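Review bot: With the `!certmagic.SubjectIsIP(subj)` guard gone from `subjectQualifiesForPublicCert`, the only check left that keeps loopback, private-range and link-local addresses away from public ACME issuers is `certmagic.SubjectIsInternal`, and nothing visible in this hunk confirms that it classifies those addresses as internal. The commit message says the change requires the public-ip-certs branch of CertMagic; if a build resolves a CertMagic without that work, a private address (constructed example: `10.0.0.5`) would presumably qualify for a public cert, so an internal address is disclosed to an external CA in an order that cannot succeed. I would record the dependency in the doc comment, e.g. `// IP subjects qualify only when certmagic.SubjectIsInternal rejects non-public addresses; requires CertMagic with public IP support.`, and add a table test covering loopback, RFC 1918, link-local and IPv6 unique-local subjects. The doc comment begins above the hunk, so its first line is not visible here.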