tls: strip IPv6 brackets before enabling certmagic

Alan Pearce alan@alanpearce.eu

Sat, 29 Jun 2024 10:26:57 +0200

commit

37895a7da8dfd3a2d419e62350595bd83cceb434

parent

6e092d6456f870df0ae90f400e6848d748a93c4c

1 files changed, 6 insertions(+), 1 deletions(-)

jump to

internal/server/tls.go

M internal/server/tls.go → internal/server/tls.go

@@ -50,11 +50,16 @@ 		// caddy's ACME server (step-ca) doesn't specify an OCSP server
 		cfg.OCSP.DisableStapling = true
 
+		listenAddress := s.runtimeConfig.ListenAddress
+		if listenAddress[0] == '[' {
+			listenAddress = listenAddress[1 : len(listenAddress)-1]
+		}
+
 		cfg.Issuers[0] = certmagic.NewACMEIssuer(cfg, certmagic.ACMEIssuer{
 			CA:                      s.runtimeConfig.ACMECA,
 			TrustedRoots:            cp,
 			DisableTLSALPNChallenge: true,
-			ListenHost:              s.runtimeConfig.ListenAddress,
+			ListenHost:              listenAddress,
 			AltHTTPPort:             s.runtimeConfig.Port,
 			AltTLSALPNPort:          s.runtimeConfig.TLSPort,
 		})

all repos — website @ 37895a7da8dfd3a2d419e62350595bd83cceb434

My website