From 7f563bb1826c37b86cafe414fdc59dae6940d53b Mon Sep 17 00:00:00 2001
From: GoEdgeLab
Date: Wed, 24 May 2023 17:20:52 +0800
Subject: [PATCH] =?UTF-8?q?=E7=BD=91=E7=AB=99=E5=85=A8=E5=B1=80=E8=AE=BE?= =?UTF-8?q?=E7=BD=AE=E4=B8=AD=E5=A2=9E=E5=8A=A0=E2=80=9C=E8=87=AA=E5=8A=A8?= =?UTF-8?q?=E5=8C=B9=E9=85=8D=E8=AF=81=E4=B9=A6=E2=80=9D=E9=80=89=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/nodes/listener_base.go | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/internal/nodes/listener_base.go b/internal/nodes/listener_base.go
index 2345dd3..cc6b2a2 100644
--- a/internal/nodes/listener_base.go
+++ b/internal/nodes/listener_base.go
@@ -91,10 +91,15 @@ func (this *BaseListener) matchSSL(domain string) (*sslconfigs.SSLPolicy, *tls.C
 return nil, nil, errors.New("no configure found")
 }
+ var globalServerConfig *serverconfigs.GlobalServerConfig
+ if sharedNodeConfig != nil {
+ globalServerConfig = sharedNodeConfig.GlobalServerConfig
+ }
+
 // 如果域名为空,则取第一个
 // 通常域名为空是因为是直接通过IP访问的
 if len(domain) == 0 {
- if group.IsHTTPS() && sharedNodeConfig.GlobalServerConfig != nil && sharedNodeConfig.GlobalServerConfig.HTTPAll.MatchDomainStrictly {
+ if group.IsHTTPS() && globalServerConfig != nil && globalServerConfig.HTTPAll.MatchDomainStrictly {
 return nil, nil, errors.New("no tls server name matched")
 }
@@ -114,9 +119,37 @@ func (this *BaseListener) matchSSL(domain string) (*sslconfigs.SSLPolicy, *tls.C
 // 通过代理服务域名配置匹配
 server, _ := this.findNamedServer(domain)
 if server == nil {
+ // 找不到或者此时的服务没有配置证书,需要搜索所有的Server,通过SSL证书内容中的DNSName匹配
+ // 此功能仅为了兼容以往版本(v1.0.4),不应该作为常态启用
+ if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchCertFromAllServers {
+ for _, searchingServer := range group.Servers() {
+ if searchingServer.SSLPolicy() == nil || !searchingServer.SSLPolicy().IsOn {
+ continue
+ }
+ cert, ok := searchingServer.SSLPolicy().MatchDomain(domain)
+ if ok {
+ return searchingServer.SSLPolicy(), cert, nil
+ }
+ }
+ }
+
 return nil, nil, errors.New("no server found for '" + domain + "'")
 }
 if server.SSLPolicy() == nil || !server.SSLPolicy().IsOn {
+ // 找不到或者此时的服务没有配置证书,需要搜索所有的Server,通过SSL证书内容中的DNSName匹配
+ // 此功能仅为了兼容以往版本(v1.0.4),不应该作为常态启用
+ if globalServerConfig != nil && globalServerConfig.HTTPAll.MatchCertFromAllServers {
+ for _, searchingServer := range group.Servers() {
+ if searchingServer.SSLPolicy() == nil || !searchingServer.SSLPolicy().IsOn {
+ continue
+ }
+ cert, ok := searchingServer.SSLPolicy().MatchDomain(domain)
+ if ok {
+ return searchingServer.SSLPolicy(), cert, nil
+ }
+ }
+ }
+
 return nil, nil, errors.New("no cert found for '" + domain + "'")
 }
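Review bot: With `MatchCertFromAllServers` enabled, both new fallback loops return the first enabled `SSLPolicy` in `group.Servers()` whose certificate matches `domain`, so a handshake for a name that has no server, or whose server has TLS off, is completed with a different server's certificate and policy. On a node shared by several site owners this means a hostname can be served under a certificate its own server was never configured with, and which certificate wins depends on the iteration order of `group.Servers()`; presumably the policy's other TLS settings (protocol versions, client-certificate requirements) then come from that other server as well, which should be confirmed. The two loops are identical and should move into one helper called from both branches, carrying a comment such as `// compat (v1.0.4): falls back to ANY server's certificate; the returned policy belongs to that server, not to the one matched by name`. A log entry when the fallback is taken would let operators see which names still depend on it before the option is switched off. matchSSL begins and ends outside this hunk.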