From d94e67608391b45bb6b8717fb8b06cd8064acc1c Mon Sep 17 00:00:00 2001
From: Baptiste Mayelle
Date: Mon, 25 Mar 2024 11:08:04 +0100
Subject: [PATCH] Enforce failure for TCP HostSNI with hostname
Co-authored-by: Romain
---
 integration/fixtures/tcp/service_errors.toml | 2 ++
 pkg/server/router/tcp/manager.go | 1 +
 pkg/server/router/tcp/manager_test.go | 1 +
 3 files changed, 4 insertions(+)
diff --git a/integration/fixtures/tcp/service_errors.toml b/integration/fixtures/tcp/service_errors.toml
index b6949da71..1954f720d 100644
--- a/integration/fixtures/tcp/service_errors.toml
+++ b/integration/fixtures/tcp/service_errors.toml
@@ -23,10 +23,12 @@
 [tcp.routers.router1]
 service = "service1"
 rule = "HostSNI(`snitest.net`)"
+ [tcp.routers.router1.tls]
 [tcp.routers.router2]
 service = "service2"
 rule = "HostSNI(`snitest.com`)"
+ [tcp.routers.router2.tls]
 [tcp.services]
 [tcp.services.service1]
diff --git a/pkg/server/router/tcp/manager.go b/pkg/server/router/tcp/manager.go
index 5b6e18385..abc5d1c64 100644
--- a/pkg/server/router/tcp/manager.go
+++ b/pkg/server/router/tcp/manager.go
@@ -288,6 +288,7 @@ func (m *Manager) addTCPHandlers(ctx context.Context, configs map[string]*runtim
 routerErr := fmt.Errorf("invalid rule: %q , has HostSNI matcher, but no TLS on router", routerConfig.Rule)
 routerConfig.AddError(routerErr, true)
 logger.Error(routerErr)
+ continue
 }
 var handler tcp.Handler
diff --git a/pkg/server/router/tcp/manager_test.go b/pkg/server/router/tcp/manager_test.go
index 0b6066b8a..219eb90d8 100644
--- a/pkg/server/router/tcp/manager_test.go
+++ b/pkg/server/router/tcp/manager_test.go
@@ -264,6 +264,7 @@ func TestRuntimeConfiguration(t *testing.T) {
 EntryPoints: []string{"web"},
 Service: "foo-service",
 Rule: "HostSNI(`foo.bar`)",
+ TLS: &dynamic.RouterTCPTLSConfig{},
 },
 },
 },
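Review bot: The added `continue` in addTCPHandlers only enforces the failure if the innermost enclosing loop is the per-router loop; the `if` (and any loop) wrapping these lines opens above the hunk, so that cannot be confirmed from here. If the check sits inside a loop over the parsed HostSNI domains, the `continue` would advance that inner loop and execution would still reach `var handler tcp.Handler`, leaving the misconfigured router registered. A short why-comment above it would make the intent explicit, e.g. `// Skip this router: SNI is only present in a TLS ClientHello, so a hostname HostSNI rule without TLS must not be routed.`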
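Review bot: No test case in this commit asserts the newly enforced failure; the only change to TestRuntimeConfiguration is adding `TLS: &dynamic.RouterTCPTLSConfig{}` so that an existing case keeps passing. A case that keeps a hostname HostSNI rule but omits `TLS`, and asserts that the router carries the error and gets no handler, would pin the behavior against regressions. The test function's table continues outside the hunk, so an existing case may already cover part of this.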