From 1c1dec4921eb880b8442f8985266712643a0b619 Mon Sep 17 00:00:00 2001
From: Andreas Kohn
Date: Fri, 3 May 2024 13:39:05 +0200
Subject: [PATCH 1/2] Set the `ServerName` field in the ClientHelloInfo when it was unset and a default SNI name is configured
---
 modules/caddytls/connpolicy.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 49c7add49d3..7b03c5c5b65 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -232,6 +232,9 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 cfg.CertSelection = p.CertSelection
 }
 cfg.DefaultServerName = p.DefaultSNI
+ if hello.ServerName == "" && p.DefaultSNI != "" {
+ hello.ServerName = p.DefaultSNI
+ }
 cfg.FallbackServerName = p.FallbackSNI
 return cfg.GetCertificate(hello)
 },
From 32c651112e07c00ec35120c6e0b55ea7242193ea Mon Sep 17 00:00:00 2001
From: Artur Fortunato
Date: Mon, 6 May 2024 10:08:34 +0100
Subject: [PATCH 2/2] Add logs to debug
---
 modules/caddytls/connpolicy.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 7b03c5c5b65..c8cda500c50 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -232,7 +232,9 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 cfg.CertSelection = p.CertSelection
 }
 cfg.DefaultServerName = p.DefaultSNI
+ tlsApp.logger.Info("Looking for ClientHello.ServerName", zap.String("default_sni", p.DefaultSNI))
 if hello.ServerName == "" && p.DefaultSNI != "" {
+ tlsApp.logger.Info("ClientHello.ServerName is empty; using default SNI", zap.String("default_sni", p.DefaultSNI))
 hello.ServerName = p.DefaultSNI
 }
 cfg.FallbackServerName = p.FallbackSNI
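Review bot: In patch 1/2, `hello.ServerName = p.DefaultSNI` overwrites the client-supplied value on the ClientHelloInfo itself, so any code that reads the hello after this point can no longer tell a handshake that carried no SNI from one that named the default host. `cfg.DefaultServerName` is already set on the line above, so it is worth stating why the extra write is needed and which later consumer depends on it. If anything compares the TLS server name with the request host or selects a policy by it, that code would now treat an SNI-less client as having asked for the default name; no such consumer is visible in the hunk, so this needs confirming. I would add a comment above the `if`, for example `// Client sent no SNI: record the default name on the hello so later lookups use it; this hides the fact that SNI was absent.` The closure this code sits in starts and ends outside the hunk.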
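Review bot: In patch 2/2 both new log calls are at Info level inside the per-handshake callback, and the first one, `tlsApp.logger.Info("Looking for ClientHello.ServerName", ...)`, runs unconditionally, so every TLS connection attempt, including unauthenticated ones, writes a log line. That leaves log volume under the control of whoever opens connections, and the message does not include `hello.ServerName`, the value it claims to be looking at. I would drop the unconditional line and lower the other to debug: `tlsApp.logger.Debug("ClientHello.ServerName is empty; using default SNI", zap.String("default_sni", p.DefaultSNI))`. `tlsApp` and the `zap` import are not declared in the hunk and are assumed to be in scope in the enclosing function, which starts outside it.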