Disable TLS completely if there is no listener with tls enabled (#1456)

* Disable TLS completely if there is no listener with tls enabled * Format code
2025-01-21 05:50:46 +08:00 · 2017-02-19 16:09:35 +01:00 · 2017-02-19 16:09:35 +01:00 · 1262ae92e9
commit 1262ae92e9
parent 6083871088
2 changed files with 25 additions and 5 deletions
--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@ -93,9 +93,11 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {

 	s.tlsConfig = tlsConfigs

-	s.Server.TLSConfig = &tls.Config{
-		GetConfigForClient: s.tlsConfig.GetConfigForClient,
-		GetCertificate:     s.tlsConfig.GetCertificate,
+	if caddytls.HasTLSEnabled(allConfigs) {
+		s.Server.TLSConfig = &tls.Config{
+			GetConfigForClient: s.tlsConfig.GetConfigForClient,
+			GetCertificate:     s.tlsConfig.GetCertificate,
+		}
 	}

 	// As of Go 1.7, HTTP/2 is enabled only if NextProtos includes the string "h2"
--- a/caddytls/config.go
+++ b/caddytls/config.go
@ -230,14 +230,22 @@ func (cfg *Config) Build(group ConfigGroup) error {
 		return err
 	}

-	cfg.tlsConfig = config
-	cfg.tlsConfig.GetCertificate = group.GetCertificate
+	if config != nil {
+		cfg.tlsConfig = config
+		cfg.tlsConfig.GetCertificate = group.GetCertificate
+	}
+
 	return nil
+
 }

 func (cfg *Config) build() (*tls.Config, error) {
 	config := new(tls.Config)

+	if !cfg.Enabled {
+		return nil, nil
+	}
+
 	ciphersAdded := make(map[uint16]struct{})
 	curvesAdded := make(map[tls.CurveID]struct{})

@ -337,6 +345,16 @@ func CheckConfigs(configs []*Config) error {
 	return nil
 }

+func HasTLSEnabled(configs []*Config) bool {
+	for _, config := range configs {
+		if config.Enabled {
+			return true
+		}
+	}
+
+	return false
+}
+
 // ConfigGetter gets a Config keyed by key.
 type ConfigGetter func(c *caddy.Controller) *Config