
Commit 6718bd4

committed
caddytls: Finish removing prefer_wildcard
Finish what should have been done a year ago in #6959
1 parent 80bf818 commit 6718bd4


2 files changed

+1
-53
lines changed


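--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -457,9 +457,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ any) (any, error) {
 case "disable_redirects":
 case "disable_certs":
 case "ignore_loaded_certs":
-case "prefer_wildcard":
 default:
-return "", d.Errf("auto_https must be one of 'off', 'disable_redirects', 'disable_certs', 'ignore_loaded_certs', or 'prefer_wildcard'")
+return "", d.Errf("auto_https must be one of 'off', 'disable_redirects', 'disable_certs', or 'ignore_loaded_certs'")
 }
 }
 return val, nil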
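--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -92,26 +92,8 @@ func (st ServerType) buildTLSApp(
 tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, catchAllAP)
 }
 
-var wildcardHosts []string // collect all hosts that have a wildcard in them, and aren't HTTP
 forcedAutomatedNames := make(map[string]struct{}) // explicitly configured to be automated, even if covered by a wildcard
 
-for _, p := range pairings {
-var addresses []string
-for _, addressWithProtocols := range p.addressesWithProtocols {
-addresses = append(addresses, addressWithProtocols.address)
-}
-if !listenersUseAnyPortOtherThan(addresses, httpPort) {
-continue
-}
-for _, sblock := range p.serverBlocks {
-for _, addr := range sblock.parsedKeys {
-if strings.HasPrefix(addr.Host, "*.") {
-wildcardHosts = append(wildcardHosts, addr.Host[2:])
-}
-}
-}
-}
-
 for _, p := range pairings {
 // avoid setting up TLS automation policies for a server that is HTTP-only
 var addresses []string
@@ -135,12 +117,6 @@ func (st ServerType) buildTLSApp(
 return nil, warnings, err
 }
 
-// make a plain copy so we can compare whether we made any changes
-apCopy, err := newBaseAutomationPolicy(options, warnings, true)
-if err != nil {
-return nil, warnings, err
-}
-
 sblockHosts := sblock.hostsFromKeys(false)
 if len(sblockHosts) == 0 && catchAllAP != nil {
 ap = catchAllAP
@@ -253,16 +229,6 @@ func (st ServerType) buildTLSApp(
 hostsNotHTTP := sblock.hostsFromKeysNotHTTP(httpPort)
 sort.Strings(hostsNotHTTP) // solely for deterministic test results
 
-// if the we prefer wildcards and the AP is unchanged,
-// then we can skip this AP because it should be covered
-// by an AP with a wildcard
-if slices.Contains(autoHTTPS, "prefer_wildcard") {
-if hostsCoveredByWildcard(hostsNotHTTP, wildcardHosts) &&
-reflect.DeepEqual(ap, apCopy) {
-continue
-}
-}
-
 // associate our new automation policy with this server block's hosts
 ap.SubjectsRaw = hostsNotHTTP
 
@@ -849,20 +815,3 @@ func automationPolicyHasAllPublicNames(ap *caddytls.AutomationPolicy) bool {
 func isTailscaleDomain(name string) bool {
 return strings.HasSuffix(strings.ToLower(name), ".ts.net")
 }
-
-func hostsCoveredByWildcard(hosts []string, wildcards []string) bool {
-if len(hosts) == 0 || len(wildcards) == 0 {
-return false
-}
-for _, host := range hosts {
-for _, wildcard := range wildcards {
-if strings.HasPrefix(host, "*.") {
-continue
-}
-if certmagic.MatchWildcard(host, "*."+wildcard) {
-return true
-}
-}
-}
-return false
-}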