http: Consider wildcards when evaluating automatic HTTPS

2019-09-13 11:46:58 -06:00 · 2019-09-13 11:46:58 -06:00 · 839507e24e
parent 833d67446f
commit 839507e24e
4 changed files with 9 additions and 9 deletions
--- a/go.mod
+++ b/go.mod
@ -17,7 +17,7 @@ require (
 	github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b
 	github.com/klauspost/cpuid v1.2.1
 	github.com/lucas-clemente/quic-go v0.7.1-0.20190908032346-fc962d18373a
-	github.com/mholt/certmagic v0.7.0
+	github.com/mholt/certmagic v0.7.1
 	github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936
 	github.com/muhammadmuzzammil1998/jsonc v0.0.0-20190902132743-e4903c4dea48
 	github.com/rs/cors v1.6.0
--- a/go.sum
+++ b/go.sum
@ -156,8 +156,8 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/mholt/certmagic v0.7.0 h1:F1rn76bjfSq5hNF19Jb8TbfCkgR/AAxfSMLUGy1FpX8=
-github.com/mholt/certmagic v0.7.0/go.mod h1:hqHzDsY32TwZpj/KswVylheSISjquF/eOVOaJTYV15w=
+github.com/mholt/certmagic v0.7.1 h1:nbSSVwvlDE3+vttD/RBikBIkxrlKVkIQOz449gCrG5Q=
+github.com/mholt/certmagic v0.7.1/go.mod h1:hqHzDsY32TwZpj/KswVylheSISjquF/eOVOaJTYV15w=
 github.com/miekg/dns v1.1.15 h1:CSSIDtllwGLMoA6zjdKnaE6Tx6eVUxQ29LUgGetiDCI=
 github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@ -313,8 +313,8 @@ func (app *App) automaticHTTPS() error {
 					// don't obtain another one for it, unless we are
 					// supposed to ignore loaded certificates
 					if !srv.AutoHTTPS.IgnoreLoadedCerts &&
-						len(tlsApp.CertificatesWithSAN(d)) > 0 {
-						log.Printf("[INFO][%s] Skipping automatic certificate management because a certificate with that SAN is already loaded", d)
+						len(tlsApp.AllMatchingCertificates(d)) > 0 {
+						log.Printf("[INFO][%s] Skipping automatic certificate management because one or more matching certificates are already loaded", d)
 						continue
 					}
 					domainsForCerts = append(domainsForCerts, d)
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@ -200,10 +200,10 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy {
 	return AutomationPolicy{Management: new(ACMEManagerMaker)}
 }

-// CertificatesWithSAN returns the list of all certificates
-// in the cache the match the given SAN value.
-func (t *TLS) CertificatesWithSAN(san string) []certmagic.Certificate {
-	return t.certCache.CertificatesWithSAN(san)
+// CertificatesForSAN returns the list of all certificates in
+// the cache which could be used to satisfy the given SAN.
+func (t *TLS) AllMatchingCertificates(san string) []certmagic.Certificate {
+	return t.certCache.AllMatchingCertificates(san)
 }

 // CertificateLoader is a type that can load certificates.