Diffstat (limited to 'caddytls/handshake.go')
-rw-r--r--caddytls/handshake.go24
1 files changed, 24 insertions, 0 deletions
diff --git a/caddytls/handshake.go b/caddytls/handshake.go
index 0cd8a15ad..5bed3adea 100644
--- a/caddytls/handshake.go
+++ b/caddytls/handshake.go
@@ -88,6 +88,30 @@ func (cg configGroup) getConfig(hello *tls.ClientHelloInfo) *Config {
// TLS configuration for; any config will do for
// this purpose
for _, config := range cg {
+ // important! disable on-demand TLS so we don't
+ // try to get certificates for unrecognized names;
+ // this requires a careful pointer dance... first
+ // make shallow copies of the structs
+ if config.Manager != nil && config.Manager.OnDemand != nil {
+ cfgCopy := *config
+ mgrCopy := *config.Manager
+ tlsCfgCopy := config.tlsConfig.Clone()
+
+ // then turn off on-demand TLS
+ mgrCopy.OnDemand = nil
+
+ // then change the copies; make sure the
+ // GetCertificate callback is updated so
+ // it points to our modified config
+ cfgCopy.Manager = &mgrCopy
+ tlsCfgCopy.GetCertificate = mgrCopy.GetCertificate
+ cfgCopy.tlsConfig = tlsCfgCopy
+
+ // finally, return the reconstructed config
+ return &cfgCopy
+ }
+ // if on-demand TLS was not enabled, we should
+ // be able to use this config directly
return config
}