SW/traefik
2
0
Fork 1
forked from Ivasoft/traefik
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Serve TLS-Challenge certificate in first

Browse Source
This commit is contained in:
NicoMen
2018-07-12 19:10:03 +02:00
committed by Traefiker Bot
parent 3ef6bf2118
commit 14b7152bf0
5 changed files with 42 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server/server.go
View File

@@ -274,11 +274,6 @@ func (s *Server) AddListener(listener func(types.Configuration)) {
// getCertificate allows to customize tlsConfig.GetCertificate behaviour to get the certificates inserted dynamically
func (s *serverEntryPoint) getCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
bestCertificate := s.certs.GetBestCertificate(clientHello)
if bestCertificate != nil {
return bestCertificate, nil
}
domainToCheck := types.CanonicalDomain(clientHello.ServerName)
if s.tlsALPNGetter != nil {
@@ -292,6 +287,11 @@ func (s *serverEntryPoint) getCertificate(clientHello *tls.ClientHelloInfo) (*tl
}
}
bestCertificate := s.certs.GetBestCertificate(clientHello)
if bestCertificate != nil {
return bestCertificate, nil
}
if s.onDemandListener != nil && len(domainToCheck) > 0 {
// Only check for an onDemandCert if there is a domain name
return s.onDemandListener(domainToCheck)