From d51a2ce48741acaf9e19229ab89d0ebc09a5a843 Mon Sep 17 00:00:00 2001
From: Romain
Date: Fri, 8 Dec 2023 16:42:05 +0100
Subject: [PATCH] Compute priority for https forwarder TLS routes
---
 pkg/server/router/tcp/router.go | 5 ++---
 pkg/server/router/tcp/router_test.go | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/pkg/server/router/tcp/router.go b/pkg/server/router/tcp/router.go
index 8c2e8939b..711a60313 100644
--- a/pkg/server/router/tcp/router.go
+++ b/pkg/server/router/tcp/router.go
@@ -266,9 +266,8 @@ func (r *Router) SetHTTPSForwarder(handler tcp.Handler) {
 }
 }
 
- // muxerHTTPS only contains single HostSNI rules (and no other kind of rules),
- // so there's no need for specifying a priority for them.
- if err := r.muxerHTTPS.AddRoute("HostSNI(`"+sniHost+"`)", 0, tcpHandler); err != nil {
+ rule := "HostSNI(`" + sniHost + "`)"
+ if err := r.muxerHTTPS.AddRoute(rule, tcpmuxer.GetRulePriority(rule), tcpHandler); err != nil {
 log.Error().Err(err).Msg("Error while adding route for host")
 }
 }
diff --git a/pkg/server/router/tcp/router_test.go b/pkg/server/router/tcp/router_test.go
index 5be801476..29bb2c418 100644
--- a/pkg/server/router/tcp/router_test.go
+++ b/pkg/server/router/tcp/router_test.go
@@ -494,6 +494,21 @@ func Test_Routing(t *testing.T) {
 },
 },
 },
+ {
+ desc: "HTTPS router && HTTPS CatchAll router",
+ routers: []applyRouter{routerHTTPS, routerHTTPSPathPrefix},
+ checks: []checkCase{
+ {
+ desc: "HTTPS TLS 1.0 request should fail",
+ checkRouter: checkHTTPSTLS10,
+ expectedError: "wrong TLS version",
+ },
+ {
+ desc: "HTTPS TLS 1.2 request should be handled by HTTPS service",
+ checkRouter: checkHTTPSTLS12,
+ },
+ },
+ },
 {
 desc: "All routers, all checks",
 routers: []applyRouter{routerTCPCatchAll, routerHTTP, routerHTTPS, routerTCPTLS, routerTCPTLSCatchAll},
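Review bot: The two added lines in SetHTTPSForwarder have no comment saying why the priority is now computed, although the deleted comment claimed the opposite (that `muxerHTTPS` routes need no priority). Judging by the new test case, the reason appears to be security-relevant: with every route at priority 0, a catch-all HostSNI route could be matched ahead of a host-specific one, and the connection would then be served with the wrong TLS options (for example a laxer minimum TLS version). I would record that above `rule :=`, e.g. `// Derive the priority from the rule so a host-specific HostSNI route is matched before a catch-all one and its own TLS options are applied.` The behaviour of `tcpmuxer.GetRulePriority` is not visible in this hunk, so the wording should be checked against it; the function body starts before the hunk.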
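Review bot: The new case in Test_Routing pins the fix for one registration order only, `routers: []applyRouter{routerHTTPS, routerHTTPSPathPrefix}`. If the muxer breaks priority ties by insertion order (not visible here), the old code could pass or fail depending on that order, so a second case with `routers: []applyRouter{routerHTTPSPathPrefix, routerHTTPS}` and the same two checks would make the TLS-version enforcement independent of it. The desc says "HTTPS CatchAll router" while the router used is `routerHTTPSPathPrefix`; a short comment noting that a PathPrefix-only router yields the catch-all SNI route would make the intent clear to the next reader. The table and the test function extend beyond the hunk.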