diff options
author | Matthew Holt <[email protected]> | 2024-10-04 10:23:30 -0600 |
---|---|---|
committer | Matthew Holt <[email protected]> | 2024-10-04 10:23:30 -0600 |
commit | 88fd5f3491ab888f69f0be02cea68a49164298eb (patch) | |
tree | a16d7f8fa979273a4a6fc386b10dba2e9c51f4a7 /caddytest/integration/caddyfile_adapt/global_options.caddyfiletest | |
parent | 2ae58ac13e1757bccc935818879bc12a2320aea3 (diff) | |
download | caddy-88fd5f3491ab888f69f0be02cea68a49164298eb.tar.gz caddy-88fd5f3491ab888f69f0be02cea68a49164298eb.zip |
caddyhttp: Use internal issuer for IPs when no APs configured
This fixes a regression in 2.8 where IP addresses
would be considered qualifying for public certs
by auto-HTTPS. The default issuers do not issue
IP certs at this time, so if no APs are explicitly
configured, we assign them to the internal
issuer. We have to add a couple lines of code because
CertMagic can no longer consider IPs as not
qualifying for public certs, since there are public CAs
that issue IP certs. This edge case is specific to Caddy's
auto-HTTPS.
Without this patch, Caddy will try using Let's Encrypt
or ZeroSSL's ACME endpoint to get IP certs, neither
of which support that.
Diffstat (limited to 'caddytest/integration/caddyfile_adapt/global_options.caddyfiletest')
0 files changed, 0 insertions, 0 deletions