caddy/caddyconfig/httpcaddyfile
Matthew Holt 99f91c4c6f
httpcaddyfile: tls: Load repeated cert files only once, with one tag

See end of issue #3004. Loading the same certificate file multiple times
with different tags will result in it being de-duplicated in the in-
memory cache, because of course they all have the same bytes. This
meant that any certs of the same filename loaded with different tags
would be overwritten by the next certificate of the same filename, and
any conn policies looking for the tags of the previous ones would never
find them, causing connections to fail.

So, now we remember cert filenames and their tags, instead of loading
them multiple times and overwriting previous ones.

A user crafting their own JSON might make this error too... maybe we
won't see it happen. But if it does, one possibility is, when loading
a duplicate cert, instead of discarding it completely, merge the tag
list into the one that's already stored in the cache, then discard.
2020-02-20 10:18:29 -07:00
addresses_fuzz.go fuzz: introduce continuous fuzzing for Caddy (#2723) 2019-10-25 18:52:16 -06:00
addresses_test.go httpcaddyfile: Fix address parsing; don't infer port at parse-time 2020-01-19 11:51:17 -07:00
addresses.go httpcaddyfile: Fix address parsing; don't infer port at parse-time 2020-01-19 11:51:17 -07:00
builtins.go httpcaddyfile: tls: Load repeated cert files only once, with one tag 2020-02-20 10:18:29 -07:00
directives.go httpcaddyfile: 'handle_errors' directive 2020-02-16 22:24:20 -07:00
httptype_test.go caddyfile: Refactor; NewFromNextSegment(); fix repeated matchers 2020-02-14 11:01:09 -07:00
httptype.go httpcaddyfile: Combine repeated cert loaders (fix #3004) 2020-02-20 00:15:11 -07:00
options.go caddyfile: Refactor; NewFromNextSegment(); fix repeated matchers 2020-02-14 11:01:09 -07:00