Allow just one TLS Protocol (Caddyfile) (#1004)

* Allow just one TLS Protocol * Fix typo

Allow just one TLS Protocol (Caddyfile) (#1004)
* Allow just one TLS Protocol * Fix typo
e5a89276 · elcore · Matt Holt · 2019eec5 · e5a89276 · e5a89276
Commit e5a89276 authored Aug 06, 2016 by elcore Committed by Matt Holt Aug 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 15 deletions

caddytls/setup.go caddytls/setup.go +21 -15

caddytls/setup_test.go caddytls/setup_test.go +22 -0

No files found.
--- a/caddytls/setup.go
+++ b/caddytls/setup.go
@@ -75,21 +75,27 @@ func setupTLS(c *caddy.Controller) error {
 				config.KeyType = value
 			case "protocols":
 				args := c.RemainingArgs()
-				if len(args) != 2 {
+				if len(args) == 1 {
-					return c.ArgErr()
+					value, ok := supportedProtocols[strings.ToLower(args[0])]
-				}
+					if !ok {
-				value, ok := supportedProtocols[strings.ToLower(args[0])]
+						return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[0])
-				if !ok {
+					}
-					return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[0])
-				}
+					config.ProtocolMinVersion, config.ProtocolMaxVersion = value, value
-				config.ProtocolMinVersion = value
+				} else {
-				value, ok = supportedProtocols[strings.ToLower(args[1])]
+					value, ok := supportedProtocols[strings.ToLower(args[0])]
-				if !ok {
+					if !ok {
-					return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
+						return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[0])
-				}
+					}
-				config.ProtocolMaxVersion = value
+					config.ProtocolMinVersion = value
-				if config.ProtocolMinVersion > config.ProtocolMaxVersion {
+					value, ok = supportedProtocols[strings.ToLower(args[1])]
-					return c.Errf("Minimum protocol version cannot be higher than maximum (reverse the order)")
+					if !ok {
+						return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
+					}
+					config.ProtocolMaxVersion = value
+					if config.ProtocolMinVersion > config.ProtocolMaxVersion {
+						return c.Errf("Minimum protocol version cannot be higher than maximum (reverse the order)")
+					}
 				}
 			case "ciphers":
 				for c.NextArg() {

--- a/caddytls/setup_test.go
+++ b/caddytls/setup_test.go
@@ -269,6 +269,28 @@ func TestSetupParseWithKeyType(t *testing.T) {
 	}
 }
+func TestSetupParseWithOneTLSProtocol(t *testing.T) {
+	params := `tls {
+            protocols tls1.2
+        }`
+	cfg := new(Config)
+	RegisterConfigGetter("", func(c *caddy.Controller) *Config { return cfg })
+	c := caddy.NewTestController("", params)
+	err := setupTLS(c)
+	if err != nil {
+		t.Errorf("Expected no errors, got: %v", err)
+	}
+	if cfg.ProtocolMinVersion != cfg.ProtocolMaxVersion {
+		t.Errorf("Expected ProtocolMinVersion to be the same as ProtocolMaxVersion")
+	}
+	if cfg.ProtocolMinVersion != tls.VersionTLS12 && cfg.ProtocolMaxVersion != tls.VersionTLS12 {
+		t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMinVersion/ProtocolMaxVersion, got %v/%v", cfg.ProtocolMinVersion, cfg.ProtocolMaxVersion)
+	}
+}
 const (
 	certFile = "test_cert.pem"
 	keyFile  = "test_key.pem"