0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-23 22:27:38 -05:00

Set protocol version properly (fixes #943)

This commit is contained in:
Matthew Holt 2016-07-19 11:48:39 -06:00
parent cf4e0c9c9c
commit b35d19d78e
3 changed files with 30 additions and 4 deletions

View file

@ -9,11 +9,12 @@ import (
"io/ioutil"
"time"
"github.com/mholt/caddy"
"github.com/xenolf/lego/acme"
"log"
"net/url"
"strings"
"github.com/mholt/caddy"
"github.com/xenolf/lego/acme"
)
// Config describes how TLS should be configured and used.
@ -322,10 +323,10 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
}
// Go with the widest range of protocol versions
if cfg.ProtocolMinVersion < config.MinVersion {
if config.MinVersion == 0 || cfg.ProtocolMinVersion < config.MinVersion {
config.MinVersion = cfg.ProtocolMinVersion
}
if cfg.ProtocolMaxVersion < config.MaxVersion {
if cfg.ProtocolMaxVersion > config.MaxVersion {
config.MaxVersion = cfg.ProtocolMaxVersion
}

View file

@ -1,12 +1,34 @@
package caddytls
import (
"crypto/tls"
"errors"
"net/url"
"reflect"
"testing"
)
func TestMakeTLSConfig(t *testing.T) {
// same min and max protocol versions
configs := []*Config{
{
Enabled: true,
ProtocolMinVersion: tls.VersionTLS12,
ProtocolMaxVersion: tls.VersionTLS12,
},
}
result, err := MakeTLSConfig(configs)
if err != nil {
t.Fatalf("Did not expect an error, but got %v", err)
}
if got, want := result.MinVersion, uint16(tls.VersionTLS12); got != want {
t.Errorf("Expected min version to be %x, got %x", want, got)
}
if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
t.Errorf("Expected max version to be %x, got %x", want, got)
}
}
func TestStorageForNoURL(t *testing.T) {
c := &Config{}
if _, err := c.StorageFor(""); err == nil {

View file

@ -88,6 +88,9 @@ func setupTLS(c *caddy.Controller) error {
return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
}
config.ProtocolMaxVersion = value
if config.ProtocolMinVersion > config.ProtocolMaxVersion {
return c.Errf("Minimum protocol version cannot be higher than maximum (reverse the order)")
}
case "ciphers":
for c.NextArg() {
value, ok := supportedCiphersMap[strings.ToUpper(c.Val())]