Commit 1262ae92 authored by Mateusz Gajewski's avatar Mateusz Gajewski Committed by Matt Holt

Disable TLS completely if there is no listener with tls enabled (#1456)

* Disable TLS completely if there is no listener with tls enabled

* Format code
parent 60838710
......@@ -93,10 +93,12 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
s.tlsConfig = tlsConfigs
if caddytls.HasTLSEnabled(allConfigs) {
s.Server.TLSConfig = &tls.Config{
GetConfigForClient: s.tlsConfig.GetConfigForClient,
GetCertificate: s.tlsConfig.GetCertificate,
}
}
// As of Go 1.7, HTTP/2 is enabled only if NextProtos includes the string "h2"
if HTTP2 && s.Server.TLSConfig != nil && len(s.Server.TLSConfig.NextProtos) == 0 {
......
......@@ -230,14 +230,22 @@ func (cfg *Config) Build(group ConfigGroup) error {
return err
}
if config != nil {
cfg.tlsConfig = config
cfg.tlsConfig.GetCertificate = group.GetCertificate
}
return nil
}
func (cfg *Config) build() (*tls.Config, error) {
config := new(tls.Config)
if !cfg.Enabled {
return nil, nil
}
ciphersAdded := make(map[uint16]struct{})
curvesAdded := make(map[tls.CurveID]struct{})
......@@ -337,6 +345,16 @@ func CheckConfigs(configs []*Config) error {
return nil
}
func HasTLSEnabled(configs []*Config) bool {
for _, config := range configs {
if config.Enabled {
return true
}
}
return false
}
// ConfigGetter gets a Config keyed by key.
type ConfigGetter func(c *caddy.Controller) *Config
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment