httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319)

This can lead to nicer, smaller JSON output for Caddyfiles like this: a { tls internal } b { tls foo@bar.com } i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keeps implicit config implicit. Needs a little more testing to ensure it doesn't break anything important.
caddyserver · May 5, 2020 · 2f59467 · 2f59467
1 parent 184e8e9
commit 2f59467
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
@@ -416,7 +416,10 @@ func (st *ServerType) serversFromPairings(
 						hasCatchAllTLSConnPolicy = true
 					}
 
-					srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+					// only append this policy if it actually changes something
+					if !cp.SettingsEmpty() {
+						srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp)
+					}
 				}
 			}
 

diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
@@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 	return nil
 }
 
+// SettingsEmpty returns true if p's settings (fields
+// except the matchers) are all empty/unset.
+func (p ConnectionPolicy) SettingsEmpty() bool {
+	return p.CertSelection == nil &&
+		p.CipherSuites == nil &&
+		p.Curves == nil &&
+		p.ALPN == nil &&
+		p.ProtocolMin == "" &&
+		p.ProtocolMax == "" &&
+		p.ClientAuthentication == nil &&
+		p.DefaultSNI == ""
+}
+
 // ClientAuthentication configures TLS client auth.
 type ClientAuthentication struct {
 	// A list of base64 DER-encoded CA certificates