Provision sets up each connection policy. It should be called during the Validate() phase, after the TLS app (if any) is already set up.
(ctx caddy.Context)
| 50 | // during the Validate() phase, after the TLS app (if any) is |
| 51 | // already set up. |
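func (cp ConnectionPolicies) Provision(ctx caddy.Context) error {
	// Every loaded module is checked against the interface its slot requires.
	// A module that fails to load, or that has the wrong type, aborts
	// provisioning with an error rather than a panic, so a misconfigured or
	// misregistered module is reported to the caller instead of crashing here.
	// Underlying errors are wrapped with %w so callers can inspect them.
	for i, pol := range cp {
		// matchers
		mods, err := ctx.LoadModule(pol, "MatchersRaw")
		if err != nil {
			return fmt.Errorf("loading handshake matchers: %w", err)
		}
		matcherMods, ok := mods.(map[string]any)
		if !ok {
			return fmt.Errorf("loading handshake matchers: unexpected module container type %T", mods)
		}
		for name, modIface := range matcherMods {
			matcher, ok := modIface.(ConnectionMatcher)
			if !ok {
				return fmt.Errorf("loading handshake matchers: module %q (%T) is not a ConnectionMatcher", name, modIface)
			}
			cp[i].matchers = append(cp[i].matchers, matcher)
		}

		// enable HTTP/2 by default
		// NOTE(review): this write goes through pol, not cp[i]; it only
		// persists if the element type is a pointer (not visible here) — confirm.
		if pol.ALPN == nil {
			pol.ALPN = append(pol.ALPN, defaultALPN...)
		}

		// pre-build standard TLS config so we don't have to at handshake-time
		if err := pol.buildStandardTLSConfig(ctx); err != nil {
			return fmt.Errorf("connection policy %d: building standard TLS config: %w", i, err)
		}

		if pol.ClientAuthentication != nil && len(pol.ClientAuthentication.VerifiersRaw) > 0 {
			clientCertValidations, err := ctx.LoadModule(pol.ClientAuthentication, "VerifiersRaw")
			if err != nil {
				return fmt.Errorf("loading client cert verifiers: %w", err)
			}
			verifierMods, ok := clientCertValidations.([]any)
			if !ok {
				return fmt.Errorf("loading client cert verifiers: unexpected module container type %T", clientCertValidations)
			}
			// Fail closed: a configured verifier that cannot be used stops
			// provisioning; it is never silently dropped from the list.
			for j, validator := range verifierMods {
				verifier, ok := validator.(ClientCertificateVerifier)
				if !ok {
					return fmt.Errorf("loading client cert verifiers: module %d (%T) is not a ClientCertificateVerifier", j, validator)
				}
				cp[i].ClientAuthentication.verifiers = append(cp[i].ClientAuthentication.verifiers, verifier)
			}
		}

		if len(pol.HandshakeContextRaw) > 0 {
			modIface, err := ctx.LoadModule(pol, "HandshakeContextRaw")
			if err != nil {
				return fmt.Errorf("loading handshake context module: %w", err)
			}
			hc, ok := modIface.(HandshakeContext)
			if !ok {
				return fmt.Errorf("loading handshake context module: %T is not a HandshakeContext", modIface)
			}
			cp[i].handshakeContext = hc
		}
	}

	return nil
}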
| 95 | |
| 96 | // TLSConfig returns a standard-lib-compatible TLS configuration which |
| 97 | // selects the first matching policy based on the ClientHello. |
nothing calls this directly
no test coverage detected