mirror/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-05-24 16:41:20 -04:00
Code Issues Packages Projects Releases Wiki Activity

tls: Add insecure_disable_sni_matching subdirective (#3075)

Browse Source 
* Disable StrictHostMatching for single server configs

* Add the insecure_disable_sni_matching directive

* Do not override insecure_disable_sni_matching

* Remove comment
This commit is contained in:
Daniel Santos
2020-02-25 16:04:59 -07:00
committed by GitHub
parent c953d17bcc
commit 4fbdd23283
5 changed files with 16 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
caddyhttp/httpserver/siteconfig.go
View File

@@ -36,16 +36,6 @@ type SiteConfig struct {
// TLS configuration
TLS *caddytls.Config
// If true, the Host header in the HTTP request must
// match the SNI value in the TLS handshake (if any).
// This should be enabled whenever a site relies on
// TLS client authentication, for example; or any time
// you want to enforce that THIS site's TLS config
// is used and not the TLS config of any other site
// on the same listener. TODO: Check how relevant this
// is with TLS 1.3.
StrictHostMatching bool
// Uncompiled middleware stack
middleware []Middleware