Enforce failure for TCP HostSNI with hostname

Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2024-03-25 11:08:04 +01:00 · 2024-03-25 11:08:04 +01:00 · d94e676083
commit d94e676083
parent 141abce2d5
3 changed files with 4 additions and 0 deletions
--- a/integration/fixtures/tcp/service_errors.toml
+++ b/integration/fixtures/tcp/service_errors.toml
@ -23,10 +23,12 @@
  [tcp.routers.router1]
    service = "service1"
    rule = "HostSNI(`snitest.net`)"
+    [tcp.routers.router1.tls]

  [tcp.routers.router2]
    service = "service2"
    rule = "HostSNI(`snitest.com`)"
+    [tcp.routers.router2.tls]

 [tcp.services]
  [tcp.services.service1]
--- a/pkg/server/router/tcp/manager.go
+++ b/pkg/server/router/tcp/manager.go
@ -288,6 +288,7 @@ func (m *Manager) addTCPHandlers(ctx context.Context, configs map[string]*runtim
 			routerErr := fmt.Errorf("invalid rule: %q , has HostSNI matcher, but no TLS on router", routerConfig.Rule)
 			routerConfig.AddError(routerErr, true)
 			logger.Error(routerErr)
+			continue
 		}

 		var handler tcp.Handler
--- a/pkg/server/router/tcp/manager_test.go
+++ b/pkg/server/router/tcp/manager_test.go
@ -264,6 +264,7 @@ func TestRuntimeConfiguration(t *testing.T) {
 						EntryPoints: []string{"web"},
 						Service:     "foo-service",
 						Rule:        "HostSNI(`foo.bar`)",
+						TLS:         &dynamic.RouterTCPTLSConfig{},
 					},
 				},
 			},