Fix 1592: Allow insecure CA URL on internal networks (#1607)

* Strip brackets in IsInternal if no port, allow loopback for CA URLs * Fix a mistake * Improve the trim * Fix comment

Fix 1592: Allow insecure CA URL on internal networks (#1607)
* Strip brackets in IsInternal if no port, allow loopback for CA URLs * Fix a mistake * Improve the trim * Fix comment
1bae36ef · Francis Lavoie · Matt Holt · 52fd4f89 · 1bae36ef · 1bae36ef
Commit 1bae36ef authored Apr 26, 2017 by Francis Lavoie Committed by Matt Holt Apr 26, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

caddy.go caddy.go +4 -1

caddy_test.go caddy_test.go +2 -0

No files found.
--- a/caddy.go
+++ b/caddy.go
@@ -777,7 +777,10 @@ func IsInternal(addr string) bool {

 	host, _, err := net.SplitHostPort(addr)
 	if err != nil {
-		host = addr // happens if the addr is just a hostname
+		host = addr // happens if the addr is just a hostname, missing port
+		// if we encounter an error, the brackets need to be stripped
+		// because SplitHostPort didn't do it for us
+		host = strings.Trim(host, "[]")
 	}
 	ip := net.ParseIP(host)
 	if ip == nil {

--- a/caddy_test.go
+++ b/caddy_test.go
@@ -94,6 +94,8 @@ func TestIsInternal(t *testing.T) {
 		{"fbff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", false},
 		{"fc00::", true},
 		{"fc00::1", true},
+		{"[fc00::1]", true},
+		{"[fc00::1]:8888", true},
 		{"fdff:ffff:ffff:ffff:ffff:ffff:ffff:fffe", true},
 		{"fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", true},
 		{"fe00::", false},