eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-25 17:15:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

internal: fix certificate fallback without SNI (#21417)

Browse Source 
21412: fix falls back to RSA instead of configured other TLS Certificates for a brand/domain

Honor the other certificates other than RSA
This commit is contained in:
Bapuji Koraganti
2026-04-06 19:28:44 -04:00
committed by GitHub
parent 0f401a262c
commit ae27fe4ce8
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/web/web_tls.go
View File

@@ -18,11 +18,7 @@ func (ws *WebServer) GetCertificate() func(ch *tls.ClientHelloInfo) (*tls.Config
} }
return func(ch *tls.ClientHelloInfo) (*tls.Config, error) { return func(ch *tls.ClientHelloInfo) (*tls.Config, error) {
cfg := utils.GetTLSConfig() cfg := utils.GetTLSConfig()
if ch.ServerName == "" { if ch.ServerName != "" && ws.ProxyServer != nil {
cfg.Certificates = []tls.Certificate{fallback}
return cfg, nil
}
if ws.ProxyServer != nil {
appCert := ws.ProxyServer.GetCertificate(ch.ServerName) appCert := ws.ProxyServer.GetCertificate(ch.ServerName)
if appCert != nil { if appCert != nil {
cfg.Certificates = []tls.Certificate{*appCert} cfg.Certificates = []tls.Certificate{*appCert}