Ensure certificate has a non-nil config when caching (fixes #875)

Also we change the scheme of the site's address if TLS is enabled and
no other scheme is explicitly set; this makes it appear as "https" when
we print it; otherwise it would show "http" when TLS is turned on
implicitly, and that is confusing/incorrect.

caddyhttp/httpserver/plugin.go

@@ -115,9 +115,19 @@ func (h *httpContext) MakeServers() ([]caddy.Server, error) {
 	// make sure TLS is disabled for explicitly-HTTP sites
 	// (necessary when HTTP address shares a block containing tls)
 	for _, cfg := range h.siteConfigs {
-		if cfg.TLS.Enabled && (cfg.Addr.Port == "80" || cfg.Addr.Scheme == "http") {
+		if !cfg.TLS.Enabled {
+			continue
+		}
+		if cfg.Addr.Port == "80" || cfg.Addr.Scheme == "http" {
 			cfg.TLS.Enabled = false
 			log.Printf("[WARNING] TLS disabled for %s", cfg.Addr)
+		} else if cfg.Addr.Scheme == "" {
+			// set scheme to https ourselves, since TLS is enabled
+			// and it was not explicitly set to something else. this
+			// makes it appear as "https" when we print the list of
+			// running sites; otherwise "http" would be assumed which
+			// is incorrect for this site.
+			cfg.Addr.Scheme = "https"
 		}
 	}
 

caddytls/certificates.go

@@ -205,6 +205,9 @@ func makeCertificate(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
 //
 // This function is safe for concurrent use.
 func cacheCertificate(cert Certificate) {
+	if cert.Config == nil {
+		cert.Config = new(Config)
+	}
 	certCacheMu.Lock()
 	if _, ok := certCache[""]; !ok {
 		// use as default - must be *appended* to list, or bad things happen!

caddytls/config.go

@@ -17,7 +17,7 @@ type Config struct {
 	// The hostname or class of hostnames this config is
 	// designated for; can contain wildcard characters
 	// according to RFC 6125 §6.4.3 - this field MUST
-	// NOT be empty in order for things to work smoothly
+	// be set in order for things to work as expected
 	Hostname string
 
 	// Whether TLS is enabled