Disable TLS completely if there is no listener with tls enabled (#1456)

* Disable TLS completely if there is no listener with tls enabled * Format code

Disable TLS completely if there is no listener with tls enabled (#1456)
* Disable TLS completely if there is no listener with tls enabled * Format code
1262ae92 · Mateusz Gajewski · Matt Holt · 60838710 · 1262ae92 · 1262ae92
Commit 1262ae92 authored Feb 19, 2017 by Mateusz Gajewski Committed by Matt Holt Feb 19, 2017
Show whitespace changes
Inline Side-by-side

Showing with 25 additions and 5 deletions

caddyhttp/httpserver/server.go caddyhttp/httpserver/server.go +5 -3

caddytls/config.go caddytls/config.go +20 -2

No files found.
--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@@ -93,10 +93,12 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
 	s.tlsConfig = tlsConfigs
+	if caddytls.HasTLSEnabled(allConfigs) {
 		s.Server.TLSConfig = &tls.Config{
 			GetConfigForClient: s.tlsConfig.GetConfigForClient,
 			GetCertificate:     s.tlsConfig.GetCertificate,
 		}
+	}
 	// As of Go 1.7, HTTP/2 is enabled only if NextProtos includes the string "h2"
 	if HTTP2 && s.Server.TLSConfig != nil && len(s.Server.TLSConfig.NextProtos) == 0 {

--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -230,14 +230,22 @@ func (cfg *Config) Build(group ConfigGroup) error {
 		return err
 	}
+	if config != nil {
 		cfg.tlsConfig = config
 		cfg.tlsConfig.GetCertificate = group.GetCertificate
+	}
 	return nil
 }
 func (cfg *Config) build() (*tls.Config, error) {
 	config := new(tls.Config)
+	if !cfg.Enabled {
+		return nil, nil
+	}
 	ciphersAdded := make(map[uint16]struct{})
 	curvesAdded := make(map[tls.CurveID]struct{})
@@ -337,6 +345,16 @@ func CheckConfigs(configs []*Config) error {
 	return nil
 }
+func HasTLSEnabled(configs []*Config) bool {
+	for _, config := range configs {
+		if config.Enabled {
+			return true
+		}
+	}
+	return false
+}
 // ConfigGetter gets a Config keyed by key.
 type ConfigGetter func(c *caddy.Controller) *Config