Merge current v2.11 into v3.0

2024-03-12 10:38:29 +01:00 · 2024-03-12 10:38:29 +01:00 · 05be441027
commit 05be441027
parent 6c9687f410 5cf1b95c29
156 changed files with 5826 additions and 8436 deletions
--- a/pkg/tls/tls.go
+++ b/pkg/tls/tls.go
@ -40,7 +40,7 @@ func (o *Options) SetDefaults() {

 // Store holds the options for a given Store.
 type Store struct {
-	DefaultCertificate   *Certificate   `json:"defaultCertificate,omitempty" toml:"defaultCertificate,omitempty" yaml:"defaultCertificate,omitempty" export:"true"`
+	DefaultCertificate   *Certificate   `json:"defaultCertificate,omitempty" toml:"defaultCertificate,omitempty" yaml:"defaultCertificate,omitempty" label:"-" export:"true"`
 	DefaultGeneratedCert *GeneratedCert `json:"defaultGeneratedCert,omitempty" toml:"defaultGeneratedCert,omitempty" yaml:"defaultGeneratedCert,omitempty" export:"true"`
 }

--- a/pkg/tls/tlsmanager.go
+++ b/pkg/tls/tlsmanager.go
@ -6,6 +6,7 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
+	"slices"
 	"strings"
 	"sync"

@ -189,7 +190,7 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) {
 	tlsConfig.GetCertificate = func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		domainToCheck := types.CanonicalDomain(clientHello.ServerName)

-		if isACMETLS(clientHello) {
+		if slices.Contains(clientHello.SupportedProtos, tlsalpn01.ACMETLS1Protocol) {
 			certificate := acmeTLSStore.GetBestCertificate(clientHello)
 			if certificate == nil {
 				log.Debug().Msgf("TLS: no certificate for TLSALPN challenge: %s", domainToCheck)
@ -427,13 +428,3 @@ func buildDefaultCertificate(defaultCertificate *Certificate) (*tls.Certificate,
 	}
 	return &cert, nil
 }
-
-func isACMETLS(clientHello *tls.ClientHelloInfo) bool {
-	for _, proto := range clientHello.SupportedProtos {
-		if proto == tlsalpn01.ACMETLS1Protocol {
-			return true
-		}
-	}
-
-	return false
-}