From dbe164d98a58e8b0dbf3fed26e4e9bb6f668a9e2 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 11 May 2021 15:26:07 -0600 Subject: [PATCH] httpcaddyfile: Fix automation policy consolidation again (fix #4161) Also fix a previous test that asserted incorrect behavior. --- caddyconfig/httpcaddyfile/tlsapp.go | 5 +- .../tls_automation_policies_4.txt | 12 -- .../tls_automation_policies_6.txt | 120 ++++++++++++++++++ 3 files changed, 124 insertions(+), 13 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_6.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index c4af8e4c3..2510a9bf8 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -510,7 +510,10 @@ outer: // if they're exactly equal in every way, just keep one of them if reflect.DeepEqual(aps[i], aps[j]) { aps = append(aps[:j], aps[j+1:]...) - break + // must re-evaluate current i against next j; can't skip it! + // even if i decrements to -1, will be incremented to 0 immediately + i-- + continue outer } // if the policy is the same, we can keep just one, but we have diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt index 502dbd0b1..d8f2164de 100644 --- a/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt @@ -124,18 +124,6 @@ abc.de { "tls": { "automation": { "policies": [ - { - "issuers": [ - { - "email": "my.email@example.com", - "module": "acme" - }, - { - "email": "my.email@example.com", - "module": "zerossl" - } - ] - }, { "issuers": [ { diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_6.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_6.txt new file mode 100644 index 000000000..b3ad7ff2d --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_6.txt @@ -0,0 +1,120 @@ +# (this Caddyfile is contrived, but based on issue #4161) + +example.com { + tls { + ca https://foobar + } +} + +example.com:8443 { + tls { + ca https://foobar + } +} + +example.com:8444 { + tls { + ca https://foobar + } +} + +example.com:8445 { + tls { + ca https://foobar + } +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":8443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv2": { + "listen": [ + ":8444" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv3": { + "listen": [ + ":8445" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "example.com" + ], + "issuers": [ + { + "ca": "https://foobar", + "module": "acme" + } + ] + } + ] + } + } + } +} \ No newline at end of file