Apply DefaultServerName more broadly during handshake (#287)

mholt · web-flow · commit 8ac11fafd024 · 2024-05-13T09:08:05.000-06:00
diff --git a/handshake.go b/handshake.go
@@ -123,7 +123,7 @@ func (cfg *Config) getCertificateFromCache(hello *tls.ClientHelloInfo) (cert Cer
 			}
 		}
 
-		// fall back to a "default" certificate, if specified
+		// use a "default" certificate by name, if specified
 		if cfg.DefaultServerName != "" {
 			normDefault := normalizedName(cfg.DefaultServerName)
 			cert, defaulted = cfg.selectCert(hello, normDefault)
@@ -835,10 +835,13 @@ func (cfg *Config) getTLSALPNChallengeCert(clientHello *tls.ClientHelloInfo) (*t
 // getNameFromClientHello returns a normalized form of hello.ServerName.
 // If hello.ServerName is empty (i.e. client did not use SNI), then the
 // associated connection's local address is used to extract an IP address.
-func (*Config) getNameFromClientHello(hello *tls.ClientHelloInfo) string {
+func (cfg *Config) getNameFromClientHello(hello *tls.ClientHelloInfo) string {
 	if name := normalizedName(hello.ServerName); name != "" {
 		return name
 	}
+	if cfg.DefaultServerName != "" {
+		return normalizedName(cfg.DefaultServerName)
+	}
 	return localIPFromConn(hello.Conn)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ func (cfg Config) getCertificateFromCache(hello tls.ClientHelloInfo) (cert Cer`
`123`	`123`	`}`
`124`	`124`	`}`
`125`	`125`
`126`		`- // fall back to a "default" certificate, if specified`
	`126`	`+ // use a "default" certificate by name, if specified`
`127`	`127`	`if cfg.DefaultServerName != "" {`
`128`	`128`	`normDefault := normalizedName(cfg.DefaultServerName)`
`129`	`129`	`cert, defaulted = cfg.selectCert(hello, normDefault)`
`@@ -835,10 +835,13 @@ func (cfg Config) getTLSALPNChallengeCert(clientHello tls.ClientHelloInfo) (*t`
`835`	`835`	`// getNameFromClientHello returns a normalized form of hello.ServerName.`
`836`	`836`	`// If hello.ServerName is empty (i.e. client did not use SNI), then the`
`837`	`837`	`// associated connection's local address is used to extract an IP address.`
`838`		`-func (Config) getNameFromClientHello(hello tls.ClientHelloInfo) string {`
	`838`	`+func (cfg Config) getNameFromClientHello(hello tls.ClientHelloInfo) string {`
`839`	`839`	`if name := normalizedName(hello.ServerName); name != "" {`
`840`	`840`	`return name`
`841`	`841`	`}`
	`842`	`+ if cfg.DefaultServerName != "" {`
	`843`	`+ return normalizedName(cfg.DefaultServerName)`
	`844`	`+ }`
`842`	`845`	`return localIPFromConn(hello.Conn)`
`843`	`846`	`}`
`844`	`847`