Compute priority for https forwarder TLS routes

2023-12-08 16:42:05 +01:00 · 2023-12-08 16:42:05 +01:00 · d51a2ce487
parent 6858dbdd07
commit d51a2ce487
2 changed files with 17 additions and 3 deletions
--- a/pkg/server/router/tcp/router.go
+++ b/pkg/server/router/tcp/router.go
@ -266,9 +266,8 @@ func (r *Router) SetHTTPSForwarder(handler tcp.Handler) {
 			}
 		}

-		// muxerHTTPS only contains single HostSNI rules (and no other kind of rules),
-		// so there's no need for specifying a priority for them.
-		if err := r.muxerHTTPS.AddRoute("HostSNI(`"+sniHost+"`)", 0, tcpHandler); err != nil {
+		rule := "HostSNI(`" + sniHost + "`)"
+		if err := r.muxerHTTPS.AddRoute(rule, tcpmuxer.GetRulePriority(rule), tcpHandler); err != nil {
 			log.Error().Err(err).Msg("Error while adding route for host")
 		}
 	}
--- a/pkg/server/router/tcp/router_test.go
+++ b/pkg/server/router/tcp/router_test.go
@ -494,6 +494,21 @@ func Test_Routing(t *testing.T) {
 				},
 			},
 		},
+		{
+			desc:    "HTTPS router && HTTPS CatchAll router",
+			routers: []applyRouter{routerHTTPS, routerHTTPSPathPrefix},
+			checks: []checkCase{
+				{
+					desc:          "HTTPS TLS 1.0 request should fail",
+					checkRouter:   checkHTTPSTLS10,
+					expectedError: "wrong TLS version",
+				},
+				{
+					desc:        "HTTPS TLS 1.2 request should be handled by HTTPS service",
+					checkRouter: checkHTTPSTLS12,
+				},
+			},
+		},
 		{
 			desc:    "All routers, all checks",
 			routers: []applyRouter{routerTCPCatchAll, routerHTTP, routerHTTPS, routerTCPTLS, routerTCPTLSCatchAll},