• Matt Holt's avatar
    tls: Fall back to certificate keyed by empty name (fixes #2035) (#2037) · 6e2de19d
    Matt Holt authored
    * tls: Fall back to certificate keyed by empty name (fixes #2035)
    
    This should only happen for sites defined with an empty hostname (like
    ":8080") and which are using self-signed certificates or some other
    funky self-managed certificate. But that certificate should arguably
    be used for all incoming SNI names.
    
    * tls: Revert to serving any certificate if no match, regardless of SNI
    
    Also fix self-signed certs to include IP addresses in their name
    if they are configured to serve an IP address
    
    * Remove tests which are now irrelevant (behavior reverted)
    
    It would be good to revisit this in the future.
    6e2de19d
crypto.go 11.2 KB