Only consume HTTP challenge for names we are solving for (closes #549)
If another ACME client is trying to solve a challenge for a name not being served by Caddy on the same machine where Caddy is running, the HTTP challenge will be consumed by Caddy rather than allowing the owner to use the Caddyfile to proxy the challenge. With this change, we only consume requests for HTTP challenges for hostnames that we recognize. Before doing the challenge, we add the name to a set, and when seeing if we should proxy the challenge, we first check the path of course to see if it is an HTTP challenge; if it is, we then check that set to see if the hostname is in the set. Only if it is, do we consume it. Otherwise, the request is treated like any other, allowing the owner to configure a proxy for such requests to another ACME client.
Showing
Please register or sign in to comment