aboutsummaryrefslogtreecommitdiffhomepage
path: root/modules
diff options
context:
space:
mode:
authorMatthew Holt <[email protected]>2024-06-28 12:15:41 -0600
committerMatthew Holt <[email protected]>2024-06-28 12:15:41 -0600
commitf8861ca16bd475e8519e7dbf5a2b55e81b329874 (patch)
treea4828e695d2c0e4deeac1977185dbcf11e487952 /modules
parentc2ccf8690f315aa0ebab930c3aadcc6cd11fc9e9 (diff)
downloadcaddy-f8861ca16bd475e8519e7dbf5a2b55e81b329874.tar.gz
caddy-f8861ca16bd475e8519e7dbf5a2b55e81b329874.zip
reverseproxy: Wire up TLS options for H3 transport
Diffstat (limited to 'modules')
-rw-r--r--modules/caddyhttp/reverseproxy/httptransport.go7
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index 80a498066..d42453684 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -363,6 +363,13 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
// site owners control the backends), so it must be exclusive
if len(h.Versions) == 1 && h.Versions[0] == "3" {
h.h3Transport = new(http3.RoundTripper)
+ if h.TLS != nil {
+ var err error
+ h.h3Transport.TLSClientConfig, err = h.TLS.MakeTLSClientConfig(caddyCtx)
+ if err != nil {
+ return nil, fmt.Errorf("making TLS client config for HTTP/3 transport: %v", err)
+ }
+ }
} else if len(h.Versions) > 1 && sliceContains(h.Versions, "3") {
return nil, fmt.Errorf("if HTTP/3 is enabled to the upstream, no other HTTP versions are supported")
}